Bugtraq mailing list archives
RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Tue, 10 Feb 2004 22:36:07 +0100
I think Microsoft is using wording to keep the typical end user in a warm and cozy state. Technically, except for AD services, each client has a full server implementation and as such should be vulnerable. I assume that many of those DSL-connected, non-firewalled home machines are easy targets. And that the server is more likely to be attacked is just an assumption - in the days of class A vuln sweeps and random worm scans, I don't think that servers are at most risk. In fact, I think the unprotected home machines are... Rainer
-----Original Message----- From: Tina Bird [mailto:tbird () precision-guesswork com] Sent: Tuesday, February 10, 2004 9:41 PM To: Marc Maiffret Cc: Joe Blatz; BUGTRAQ () securityfocus com Subject: RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption On Tue, 10 Feb 2004, Marc Maiffret wrote:This attack can be performed through various encryptionsystems such asKerberos and almost anything using CERTs... I am not sure about Microsofts wording in their advisory.Microsoft also states that servers are likelier to be attacked using this vulnerability than clients are, because they're likelier to be decoding ASN.1 data. But if the vulnerable code can be accessed via LSASS.exe, doesn't that mean all systems are at risk? thanks for any info -- tbird -- It doesn't have to be our fault to be our responsibility. -- Paul Robertson http://www.precision-guesswork.com Log Analysis http://www.loganalysis.org VPN http://vpn.shmoo.com tbird's Security Alerts http://securecomputing.stanford.edu/alert.html
Current thread:
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption, (continued)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Joe Blatz (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Marc Maiffret (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tina Bird (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption James Riden (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Marc Maiffret (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption peter.huang (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tim Eddy (Feb 10)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Peter Pentchev (Feb 12)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Timothy J . Miller (Feb 12)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Florian Weimer (Feb 16)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 10)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tina Bird (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Alun Jones (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 11)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Steve Friedl (Feb 12)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Thor Lancelot Simon (Feb 13)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Buck Huppmann (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption David Wilson (Feb 16)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Sam Schinke (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Drew Copley (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Boyce, Nick (Feb 13)
(Thread continues...)