lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 11 Feb 2004 19:04:31 -0000
From: "Boyce, Nick" <nick.boyce@....com>
To: BUGTRAQ@...urityfocus.com
Cc: "'Marc Maiffret'" <mmaiffret@...e.com>
Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption


On 10.Feb.2004, Marc Maiffret wrote :

> Systems Affected:
> Microsoft Windows NT 4.0 (all versions)
> Microsoft Windows 2000 (SP3 and earlier)
> crosoft Windows XP (all versions)
> 
> Software Affected:
> Microsoft Internet Explorer
> Microsoft Outlook
> Microsoft Outlook Express
> Third-party applications that use certificates

At the risk of boring everyone with thoughts of "obsolete" technology, I
note that Win98SE systems with Internet Explorer 6 SP1 and all current fixes
contain the library MSASN1.DLL :

  location:  {system drive}\WINDOWS\SYSTEM
  version:  4.4.3388
  size:  51,984 bytes
  date: 23rd.October.2000

Since the library is apparently used by IE to process webserver SSL
certificates, can anyone comment on the likely vulnerability of Win98SE
systems to this flaw (as presented by malicious websites with suitably
crafted server certificates) ?   As is noted here regularly, there are a lot
of Win98 systems still out there.

The file versions for MSASN1.DLL listed in
http://www.microsoft.com/technet/security/bulletin/MS04-007.asp are all of
the form 5.m.nnnn.x, so it may be that the Win98 version is so much older
that it doesn't contain the vulnerable code ...

Nick Boyce
EDS, Bristol, UK


Powered by blists - more mailing lists