| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Feb 2004 09:12:37 -0000 From: Bill Gallagher <Bill.Gallagher@...harue.com> To: 'Tina Bird' <tbird@...cision-guesswork.com> Cc: BUGTRAQ@...urityfocus.com Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption ... > In order to trigger the ASN.1 vulnerabilities an attacker has > to be able > to get the target machine to invoke its BER decoding capabilities. I have read a good number of the posts here regarding this vulnerability and have seen references to NTLM etc. as a pathway for attack. What about SNMP?, it certainly uses ASN.1. Does MS's SNMP stack not use this DLL? - Must check. > I > certainly don't know the details -- maybe someone here does? > -- but it's > gotta be a little difficult to send a random network packet to get a > desktop machine (that is, not a domain controller or an AD server or > something) and get it to invoke MSASN1. > > I can imagine lots of attacks that require user intervention > to hit this > one (like opening a hostile SSL-based web site) -- but can this be > triggered without user intervention? > > thanks for more info -- tbird > Like the others, SNMP should never pass the perimeter defences, but we are talking about the same internet that got hit by blaster, SQL-Slammer etc. I'm still occasionally finding it difficult to get some admins to operate a 'default deny' stance on inbound ports, let alone outbound.
Powered by blists - more mailing lists