| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Sep 2007 13:38:20 -0700 From: David Chastain <dlcmacosx@....com> To: Valdis.Kletnieks@...edu Cc: Code Breaker <cbreaker@...il.com>, full-disclosure@...ts.grok.org.uk Subject: Re: help analysing asn overflow Are you gonna blow hot air VK or are you gonna help the man/woman??? On Friday, September 21, 2007, at 12:44PM, <Valdis.Kletnieks@...edu> wrote: >On Sat, 22 Sep 2007 00:49:30 +0530, Code Breaker said: > >> i am trying to analyse the old asn integer overflow.Can anyone guide me >> towards right direction?which function contains the vulnerable code?is it >> asn1_decode? > >It's not "the old asn integer", it's "one of the old asn integer"... > >There were about a zillion and a half different places in that code that >were exploitable, because actual error checking was, like, a foreign language >to that crew when they wrote it originally. > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists