Bugtraq mailing list archives
RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Bill Gallagher <Bill.Gallagher () augharue com>
Date: Thu, 12 Feb 2004 09:12:37 -0000
...
In order to trigger the ASN.1 vulnerabilities an attacker has to be able to get the target machine to invoke its BER decoding capabilities.
I have read a good number of the posts here regarding this vulnerability and have seen references to NTLM etc. as a pathway for attack. What about SNMP? It certainly uses ASN.1. Does MS's SNMP stack not use this DLL? Must check.
I certainly don't know the details -- maybe someone here does? -- but it's gotta be a little difficult to send a random network packet to get a desktop machine (that is, not a domain controller or an AD server or something) and get it to invoke MSASN1. I can imagine lots of attacks that require user intervention to hit this one (like opening a hostile SSL-based web site) -- but can this be triggered without user intervention? thanks for more info -- tbird
Like the others, SNMP should never pass the perimeter defences, but we are talking about the same internet that got hit by Blaster, SQL-Slammer etc. I'm still occasionally finding it difficult to get some admins to operate a 'default deny' stance on inbound ports, let alone outbound.