lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200402132315.i1DNFYAa067379@mailserver1.hushmail.com>
Date: Fri, 13 Feb 2004 15:15:34 -0800
From: <kradhatman@...hmail.com>
To: bugtraq@...urityfocus.com
Subject: RE:  ISS Security Rip: Microsoft ASN.1 (Half a sploit)


"Due to the nature of this vulnerability, reliable and successful remote
exploitation is considered difficult."

funny little men. there already a half working exploit for ASN. 

http://linuxfromscratch.org/~devine/MS04-007-dos.c

-----Original Message-----
From: X-Force [mailto:xforce@....net]
Sent: Wednesday, February 11, 2004 9:55 AM
To: bugtraq@...urityfocus.com
Subject: ISS Security Brief: Microsoft ASN.1 Integer Manipulation Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Security Brief February 11, 2004

Microsoft ASN.1 Integer Manipulation Vulnerabilities

Synopsis:

Microsoft has release Security Bulletin MS04-007 to address vulnerabilities
in the ASN.1 parsing component of the Windows Operating Systems. This
component is used by several applications for transmission of data across
the network. Some examples of applications which make use of ASN.1 include
Internet Explorer and IIS for certificate parsing, NTLMv2 authentication,
 Kerberos authentication, ISAKMP, LDAP and Exchange.

Impact:

The vulnerability could be exploited by remote attackers to cause a Denial
of Service (DoS) or potentially gain access to a vulnerable machine with
the privileges of the services being exploited. This vulnerability may
be exploited in many default configurations if vulnerable services are
remotely accessible.

There are currently no known exploits in the wild for this issue. Due
to the nature of this vulnerability, reliable and successful remote exploitation
is considered difficult



Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ