Full Disclosure mailing list archives

RE: ASN vulnerability question


From: "Bill Royds" <full-disclosure () royds net>
Date: Wed, 11 Feb 2004 21:46:10 -0500

There is an add-on to Windows 98 to allow it to work in a Windows 2000
Active Directory network. Since Active Directory uses the ASN.1 parsing (for
Kerberos and LANMAN2 authentications), it would need to add that DLL to the
Windows 98 configuration.
  So Windows 98 would be vulnerable (and need to patch) if you added the
add-on for Windows 2000 network membership.

 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of William Warren
Sent: February 11, 2004 5:50 PM
To: Full_Dsiclosure
Subject: [Full-disclosure] ASN vulnerability question

A user of a much less technical list I am a member of asked a very
interesting question. I quote it below:

I am well aware that Windows Update and the Microsoft Security bulletins do
not indicate that Win98 is affected by this ASN vulnerability.  But I did
read that on an NT4.0 system, searching for msasn1.dll would let you know
if you were affected.  Well, for grins, I did this on my 98se
machine.  Bam; I have it.  So my question is this: Is there not an update
because the implementation of asn is different in Win98, or is it because
the product life cycle for Windows 98 has ended, and the vulnerability
really does affect 98 users--there's just nothing they can do about it?

What's the verdict on this one?
-- 
May God Bless you and everything you touch.

My "foundation" verse:
Isaiah 54:17 No weapon that is formed against thee shall prosper; and 
every tongue that shall rise against thee in judgment thou shalt 
condemn. This is the heritage of the servants of the LORD, and their 
righteousness is of me, saith the LORD.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
