Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

From: Thor Lancelot Simon <tls () rek tjls com>
Date: Fri, 13 Feb 2004 01:04:31 -0500
On Wed, Feb 11, 2004 at 10:10:32AM +0100, Rainer Gerhards wrote:


As of my understanding (I haven't tried to reproduce, just theory here),
ASN.1 is not only used for AD, but also for NTLM authentication. Even if
that is not the case, there are several cases where ASN.1 is used. And
"invoking BER decoding capabilities" (from the MS Advisory) may sound
like something seldomly done... In fact, if you receive ASN.1 on the
wire, you need to decode BER because this is the way you get hold of the
message content. It is the same thing as "decoding the SMTP message" is


That's not actually correct.  Most network protocols use the
"Distinguished Encoding Rules" (DER) not the "Basic Encoding Rules" 
(BER).  BER is an abomination and should never, ever have been in
the standard; the only protocol commonly used over IP that uses BER
is LDAP, because it descends from DAP, which used BER.

So you can't reasonably assume that if it uses ASN.1, it uses
BER.  That's presumably why Microsoft left certain ASN.1-using
network services turned on.

Thor
Previous By Date Next
Previous By Thread Next

Current thread: