Bugtraq mailing list archives
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Timothy J.Miller <cerebus () sackheads org>
Date: Wed, 11 Feb 2004 08:19:31 -0600
On Feb 10, 2004, at 4:16 PM, Tim Eddy wrote:
> Marc,
> If we remove the default exemptions for Kerberos & RSVP from IPSEC with the "NoDefaultExempt" registry key, this still passes IKE. Therefore is IKE vulnerable to the ASN bug?
Very likely, as IKE data is marshaled into ASN.1 format. The fun part about ASN.1 is it's so damn useful you tend to use it *everywhere*.
Is anyone else wondering why MS didn't fix this with the last round of ASN.1 decoding overflow vulnerabilities (remember the SNMP hole)? It's basically the same problem.
-- Cerebus