[33683] in bugtraq
Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
daemon@ATHENA.MIT.EDU (Peter Pentchev)
Fri Feb 13 05:20:30 2004
Date: Wed, 11 Feb 2004 13:59:24 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Tim Eddy <eddyt@stgeorge.com.au>
Cc: mmaiffret@eeye.com, tbird@precision-guesswork.com,
BUGTRAQ@securityfocus.com, sd_wireless@yahoo.com
Message-ID: <20040211115923.GJ11154@straylight.m.ringlet.net>
Mail-Followup-To: Tim Eddy <eddyt@stgeorge.com.au>,
mmaiffret@eeye.com, tbird@precision-guesswork.com,
BUGTRAQ@securityfocus.com, sd_wireless@yahoo.com
In-Reply-To: <s029f30d.027@stgeorge.com.au>
On Wed, Feb 11, 2004 at 09:16:40AM +1100, Tim Eddy wrote:
> Marc,
>
> If we remove the default exemptions for Kerberos & RSVP from IPSEC with
> the "NoDefaultExempt" registry key, this still passes IKE. Therefore is
> IKE vulnerable to the ASN bug?
It would appear that it is indeed. The Internet Key Exchange protocol
is defined in RFC 2409, and section 5.2, "Phase 1 Authentication With
Public Key Encryption", states that "RSA encryption MUST be encoded in
PKCS #1 format". The PKCS #1 standard always uses ASN.1 to encode
the keys and signature schemes used.
G'luck,
Peter
-- 
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If this sentence didn't exist, somebody would have invented it.
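An added illustration, not part of the message above: the reply's point is that PKCS #1 keys are DER-encoded ASN.1, so an IKE peer handling them has to parse attacker-supplied length fields. The C sketch below walks a constructed toy RSAPublicKey and checks every declared length against the bytes actually present; the function names and sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample RSAPublicKey: SEQUENCE { INTEGER modulus, INTEGER publicExponent }. */
static const uint8_t sample_key[] = {
    0x30, 0x0A,                     /* SEQUENCE, 10 content octets */
    0x02, 0x03, 0x00, 0xC5, 0xF3,   /* INTEGER modulus (0x00 keeps it positive) */
    0x02, 0x03, 0x01, 0x00, 0x01    /* INTEGER publicExponent 65537 */
};
/* Constructed malformed input: the length field claims 0xFFFFFFFF octets. */
static const uint8_t bad_key[] = { 0x30, 0x84, 0xFF, 0xFF, 0xFF, 0xFF, 0x02, 0x01, 0x00 };

/* Read a TLV header at *pos inside buf[0..end). On success *len holds the
   content length and *pos points at the content. Returns 0, or -1 if malformed. */
static int der_header(const uint8_t *buf, size_t end, size_t *pos, uint8_t tag, size_t *len)
{
    if (*pos >= end || end - *pos < 2 || buf[*pos] != tag) return -1;
    size_t p = *pos + 1;
    size_t n = buf[p++];
    if (n & 0x80) {                 /* long form: low 7 bits count the length octets */
        size_t count = n & 0x7F;
        if (count == 0 || count > sizeof(size_t) || count > end - p) return -1;
        for (n = 0; count > 0; count--) n = (n << 8) | buf[p++];
    }
    if (n > end - p) return -1;     /* declared length must fit in the remaining bytes */
    *pos = p;
    *len = n;
    return 0;
}

/* Walk an RSAPublicKey; report modulus and exponent sizes. Returns 0 or -1. */
int parse_rsa_public_key(const uint8_t *buf, size_t buflen, size_t *mod_len, size_t *exp_len)
{
    size_t pos = 0, seq_len, end;
    if (der_header(buf, buflen, &pos, 0x30, &seq_len) != 0) return -1;
    end = pos + seq_len;            /* cannot overflow: seq_len <= buflen - pos */
    if (der_header(buf, end, &pos, 0x02, mod_len) != 0) return -1;
    pos += *mod_len;
    if (der_header(buf, end, &pos, 0x02, exp_len) != 0) return -1;
    pos += *exp_len;
    return pos == end ? 0 : -1;
}

int main(void)
{
    size_t m, e;
    return !(parse_rsa_public_key(sample_key, sizeof sample_key, &m, &e) == 0 &&
             parse_rsa_public_key(bad_key, sizeof bad_key, &m, &e) == -1);
}
```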