Full Disclosure mailing list archives
RE: ASN vulerability question
From: "Bill Royds" <full-disclosure () royds net>
Date: Wed, 11 Feb 2004 21:46:10 -0500
There is a add-on toe Windows 98 to allow it to work in a Windows 2000 Active Directory network. Since Active Directory uses the ASN.1 parsing (for Kerberos and LANMAN2 authentications), it would need to add that DLL to the Windows 98 configuration. So Windows 98 would be vulnerable (and need to patch) if you added the add-on for Windows 2000 network membership. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of William Warren Sent: February 11, 2004 5:50 PM To: Full_Dsiclosure Subject: [Full-disclosure] ASN vulerability question A user of a much less technical list I am a member of asked a very interesting question I quote it below: I am well aware that Windows Update and the Microsoft Security bulletins do
not indicate that Win98 is affected by this ASN vulnerability. But I
did
read that on an NT4.0 system, searching for msasn1.dll would let you
know
if you were affected. Well, for grins, I did this on my 98se machine. Bam; I have it. So my question is this: Is there not an
update
because the implementation of asn is different in Win98, or is it
because
the product life cycle for Windows 98 has ended, and the vulnerability really does affect 98 users--there's just nothing they can do about it?
What's the verdict on this one? -- May God Bless you and everything you touch. My "foundation" verse: Isaiah 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ASN vulerability question William Warren (Feb 11)
- RE: ASN vulerability question Bill Royds (Feb 11)