lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20040212024612.RZZD181170.fep02-mail.bloor.is.net.cable.rogers.com@BillDell>
From: full-disclosure at royds.net (Bill Royds)
Subject: ASN vulerability question

There is a add-on toe Windows 98 to allow it to work in a Windows 2000
Active Directory network. Since Active Directory uses the ASN.1 parsing (for
Kerberos and LANMAN2 authentications), it would need to add that DLL to the
Windows 98 configuration.
  So Windows 98 would be vulnerable (and need to patch) if you added the
add-on for Windows 2000 network membership.

 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of William Warren
Sent: February 11, 2004 5:50 PM
To: Full_Dsiclosure
Subject: [Full-Disclosure] ASN vulerability question

A user of a much less technical list I am a member of asked a very 
interesting question I quote it below:

I am well aware that Windows Update and the Microsoft Security bulletins do
 > not indicate that Win98 is affected by this ASN vulnerability.  But I 
did
 > read that on an NT4.0 system, searching for msasn1.dll would let you 
know
 > if you were affected.  Well, for grins, I did this on my 98se
 > machine.  Bam; I have it.  So my question is this: Is there not an 
update
 > because the implementation of asn is different in Win98, or is it 
because
 > the product life cycle for Windows 98 has ended, and the vulnerability
 > really does affect 98 users--there's just nothing they can do about it?

What's the verdict on this one?
-- 
May God Bless you and everything you touch.

My "foundation" verse:
Isaiah 54:17 No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ