[33635] in bugtraq
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
daemon@ATHENA.MIT.EDU (James Riden)
Wed Feb 11 21:11:53 2004
To: "Marc Maiffret" <mmaiffret@eeye.com>
Cc: "Joe Blatz" <sd_wireless@yahoo.com>, <BUGTRAQ@securityfocus.com>
From: James Riden <j.riden@massey.ac.nz>
Date: Wed, 11 Feb 2004 13:04:55 +1300
In-Reply-To: <7BE3FADD73E3734AA95BCA7AE4802F3038C11A@hermes.eCompany.gov> (Marc
Maiffret's message of "Tue, 10 Feb 2004 11:44:43 -0800")
Message-ID: <87ptcmbhw8.fsf@it029205.massey.ac.nz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
"Marc Maiffret" <mmaiffret@eeye.com> writes:
> This attack can be performed through various encryption systems such as
> Kerberos and almost anything using CERTs... I am not sure about
> Microsofts wording in their advisory.
I think they use the ominous phrase "many possible vectors"; if
anything kicks off, containing it may not be anything like as easy as
blocking 135/tcp. How easy does it look to exploit it?
Regardless, this one is going to get patched ASAP here.
--
James Riden / j.riden@massey.ac.nz / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/
This post does not necessarily represent the views of my employer.
