Bugtraq mailing list archives
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Peter Pentchev <roam () ringlet net>
Date: Wed, 11 Feb 2004 13:59:24 +0200
On Wed, Feb 11, 2004 at 09:16:40AM +1100, Tim Eddy wrote:
Marc, If we remove the default exemptions for Kerberos & RSVP from IPSEC with the "NoDefaultExempt" registry key, this still passes IKE. Therefore is IKE vulnerable to the ASN bug?
It would appear that it is indeed. The Internet Key Exchange protocol is defined in RFC 2409, and section 5.2, "Phase 1 Authentication With Public Key Encryption", states that "RSA encryption MUST be encoded in PKCS #1 format". The PKCS #1 standard always uses ASN.1 to encode the keys and signature schemes used. G'luck, Peter -- Peter Pentchev roam () ringlet net roam () sbnd net roam () FreeBSD org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If this sentence didn't exist, somebody would have invented it.
Attachment:
_bin
Description:
Current thread:
- EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Marc Maiffret (Feb 10)
- <Possible follow-ups>
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Joe Blatz (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Marc Maiffret (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tina Bird (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption James Riden (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Marc Maiffret (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption peter.huang (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tim Eddy (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Peter Pentchev (Feb 12)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Timothy J . Miller (Feb 12)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Florian Weimer (Feb 16)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tina Bird (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Alun Jones (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Steve Friedl (Feb 12)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Thor Lancelot Simon (Feb 13)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Buck Huppmann (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption David Wilson (Feb 16)
(Thread continues...)