Bugtraq
mailing list archives
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Peter Pentchev <roam () ringlet net>
Date: Wed, 11 Feb 2004 13:59:24 +0200
On Wed, Feb 11, 2004 at 09:16:40AM +1100, Tim Eddy wrote:
> Marc,
> If we remove the default exemptions for Kerberos & RSVP from IPSEC with
> the "NoDefaultExempt" registry key, this still passes IKE. Therefore is
> IKE vulnerable to the ASN bug?
It would appear that it is indeed. The Internet Key Exchange protocol
is defined in RFC 2409, and section 5.2, "Phase 1 Authentication With
Public Key Encryption", states that "RSA encryption MUST be encoded in
PKCS #1 format". The PKCS #1 standard always uses ASN.1 to encode
the keys and signature schemes used.
G'luck,
Peter
--
Peter Pentchev roam () ringlet net roam () sbnd net roam () FreeBSD org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If this sentence didn't exist, somebody would have invented it.
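
The reply above rests on PKCS #1 keys being DER-encoded ASN.1, which means the receiving side has to check every length field before using it. The following C code is an added example, not part of the post and not any vendor's code: it reads DER headers with bounds checks and validates a constructed toy RSAPublicKey. The names `der_header`, `check_rsa_public_key` and `SAMPLE_KEY` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: PKCS #1 RSAPublicKey ::= SEQUENCE { modulus INTEGER,
 * publicExponent INTEGER } with a toy modulus 0xC353 and e = 65537. */
static const uint8_t SAMPLE_KEY[] = {
    0x30, 0x0A,                   /* SEQUENCE, 10 content bytes */
    0x02, 0x03, 0x00, 0xC3, 0x53, /* INTEGER modulus            */
    0x02, 0x03, 0x01, 0x00, 0x01  /* INTEGER publicExponent     */
};

/* Read one DER tag/length header at buf[*pos]. On success *pos points at the
 * content, *len holds its size and the tag is returned; -1 on a malformed
 * or out-of-bounds length. */
static int der_header(const uint8_t *buf, size_t size, size_t *pos, size_t *len)
{
    if (*pos > size || size - *pos < 2) return -1;
    int tag = buf[(*pos)++];
    size_t n = buf[(*pos)++];
    if (n & 0x80) {                      /* long form: low 7 bits = octet count */
        size_t count = n & 0x7F;
        if (count == 0 || count > sizeof(size_t)) return -1; /* indefinite / too wide */
        if (size - *pos < count) return -1;
        if (buf[*pos] == 0) return -1;   /* DER forbids leading zero octets */
        n = 0;
        while (count--) n = (n << 8) | buf[(*pos)++];
        if (n < 0x80) return -1;         /* DER requires short form here */
    }
    /* Compare against the bytes that remain; never compute *pos + n,
     * which could wrap around for a huge claimed length. */
    if (n > size - *pos) return -1;
    *len = n;
    return tag;
}

/* Returns 0 if buf is exactly one SEQUENCE holding two INTEGERs, else -1. */
static int check_rsa_public_key(const uint8_t *buf, size_t size)
{
    size_t pos = 0, len;
    if (der_header(buf, size, &pos, &len) != 0x30 || len != size - pos) return -1;
    for (int i = 0; i < 2; i++) {
        if (der_header(buf, size, &pos, &len) != 0x02 || len == 0) return -1;
        pos += len;
    }
    return pos == size ? 0 : -1;
}

int main(void) { return check_rsa_public_key(SAMPLE_KEY, sizeof SAMPLE_KEY); }
```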