Bugtraq: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 14 Feb 2004 17:14:01 +0100

Timothy J.Miller wrote:

Is anyone else wondering why MS didn't fix this with the last round of 
ASN.1 decoding overflow vulnerabilities (remember the SNMP hole)?  It's 
basically the same problem.


Not really.  AFAIK, they haven't fixed an equivalent to the xdr_array()
integer overflow in the NSVC run-time library, either.  (I was rather
surprised to see an HP-UX advisory on this issue a couple of weeks ago,
though.)

By Date By Thread

Current thread:

RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption, (continued)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Marc Maiffret (Feb 10)
  - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption peter.huang (Feb 12)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tim Eddy (Feb 10)
  - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Peter Pentchev (Feb 12)
  - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Timothy J . Miller (Feb 12)
    - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Florian Weimer (Feb 16)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 10)
  - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Tina Bird (Feb 11)
  - RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Alun Jones (Feb 11)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Rainer Gerhards (Feb 11)
  - Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption Steve Friedl (Feb 12)