Full Disclosure mailing list archives

Re: help analysing asn overflow

From: David Chastain <dlcmacosx () mac com>
Date: Fri, 21 Sep 2007 13:38:20 -0700

Are you gonna blow hot air VK or are you gonna help the man/woman???
 
On Friday, September 21, 2007, at 12:44PM, <Valdis.Kletnieks () vt edu> wrote:

On Sat, 22 Sep 2007 00:49:30 +0530, Code Breaker said:

i am trying to analyse the old asn integer overflow.Can anyone guide me
towards right direction?which function contains the vulnerable code?is it
asn1_decode?


It's not "the old asn integer", it's "one of the old asn integer"...

There were about a zillion and a half different places in that code that
were exploitable, because actual error checking was, like, a foreign language
to that crew when they wrote it originally.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

help analysing asn overflow Code Breaker (Sep 21)
- Re: help analysing asn overflow Valdis . Kletnieks (Sep 21)
  - Re: help analysing asn overflow David Chastain (Sep 21)