lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Feb 2004 01:04:31 -0500
From: Thor Lancelot Simon <tls@....tjls.com>
To: bugtraq@...urityfocus.com
Subject: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption


On Wed, Feb 11, 2004 at 10:10:32AM +0100, Rainer Gerhards wrote:
> 
> As of my understanding (I haven't tried to reproduce, just theory here),
> ASN.1 is not only used for AD, but also for NTLM authentication. Even if
> that is not the case, there are several cases where ASN.1 is used. And
> "invoking BER decoding capabilities" (from the MS Advisory) may sound
> like something seldomly done... In fact, if you receive ASN.1 on the
> wire, you need to decode BER because this is the way you get hold of the
> message content. It is the same thing as "decoding the SMTP message" is

That's not actually correct.  Most network protocols use the
"Distinguished Encoding Rules" (DER) not the "Basic Encoding Rules" 
(BER).  BER is an abomination and should never, ever have been in
the standard; the only protocol commonly used over IP that uses BER
is LDAP, because it descends from DAP, which used BER.

So you can't reasonably assume that if it uses ASN.1, it uses
BER.  That's presumably why Microsoft left certain ASN.1-using
network services turned on.

Thor


Powered by blists - more mailing lists