Bugtraq mailing list archives

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Timothy J.Miller <cerebus () sackheads org>
Date: Wed, 11 Feb 2004 08:19:31 -0600

On Feb 10, 2004, at 4:16 PM, Tim Eddy wrote:

> Marc,
>
> If we remove the default exemptions for Kerberos & RSVP from IPSEC with
> the "NoDefaultExempt" registry key, this still passes IKE. Therefore is
> IKE vulnerable to the ASN bug?

Very likely, as IKE data is marshaled into ASN.1 format. The fun part about ASN.1 is it's so damn useful you tend to use it *everywhere*.

Is anyone else wondering why MS didn't fix this with the last round of ASN.1 decoding overflow vulnerabilities (remember the SNMP hole)? It's basically the same problem.

-- Cerebus

