[33683] in bugtraq

Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

daemon@ATHENA.MIT.EDU (Peter Pentchev)
Fri Feb 13 05:20:30 2004

Date: Wed, 11 Feb 2004 13:59:24 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Tim Eddy <eddyt@stgeorge.com.au>
Cc: mmaiffret@eeye.com, tbird@precision-guesswork.com,
        BUGTRAQ@securityfocus.com, sd_wireless@yahoo.com
Message-ID: <20040211115923.GJ11154@straylight.m.ringlet.net>
Mail-Followup-To: Tim Eddy <eddyt@stgeorge.com.au>,
	mmaiffret@eeye.com, tbird@precision-guesswork.com,
	BUGTRAQ@securityfocus.com, sd_wireless@yahoo.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="WplhKdTI2c8ulnbP"
Content-Disposition: inline
In-Reply-To: <s029f30d.027@stgeorge.com.au>

On Wed, Feb 11, 2004 at 09:16:40AM +1100, Tim Eddy wrote:
> Marc,
>
> If we remove the default exemptions for Kerberos & RSVP from IPSEC with
> the "NoDefaultExempt" registry key, this still passes IKE. Therefore is
> IKE vulnerable to the ASN bug?

It would appear that it is indeed.  The Internet Key Exchange protocol
is defined in RFC 2409, and section 5.2, "Phase 1 Authentication With
Public Key Encryption", states that "RSA encryption MUST be encoded in
PKCS #1 format".  The PKCS #1 standard always uses ASN.1 to encode
the keys and signature schemes used.

G'luck,
Peter

-- 
Peter Pentchev	roam@ringlet.net    roam@sbnd.net    roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
If this sentence didn't exist, somebody would have invented it.
