[33757] in bugtraq


Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Feb 16 21:52:00 2004

Date: Sat, 14 Feb 2004 17:14:01 +0100
To: "Timothy J.Miller" <cerebus@sackheads.org>
Cc: BUGTRAQ@securityfocus.com
Message-ID: <20040214161401.GA12564@deneb.enyo.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4F66187B-5C9D-11D8-A5F9-00039359BF60@sackheads.org>
From: Florian Weimer <fw@deneb.enyo.de>

Timothy J.Miller wrote:

> Is anyone else wondering why MS didn't fix this with the last round of 
> ASN.1 decoding overflow vulnerabilities (remember the SNMP hole)?  It's 
> basically the same problem.

Not really.  AFAIK, they haven't fixed an equivalent to the xdr_array()
integer overflow in the NSVC run-time library, either.  (I was rather
surprised to see an HP-UX advisory on this issue a couple of weeks ago,
though.)
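
The bug class the reply refers to, where an element count multiplied by an element size wraps before allocation, shown as an added example that is not part of the original post and is not code from any vendor's library. The wire format (a 4-byte big-endian count followed by fixed-size elements), the function names and the sample inputs are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Size an unchecked 32-bit computation would hand to the allocator:
 * count * elsize reduced modulo 2^32. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t elsize)
{
    return (uint32_t)(count * elsize);
}

/* Hypothetical hardened decoder for a counted array.
 * Returns 0 and fills *out / *out_count on success, -1 on rejection. */
int decode_counted_array(const uint8_t *buf, size_t len, uint32_t elsize,
                         uint32_t max_count, void **out, uint32_t *out_count)
{
    if (len < 4 || elsize == 0)
        return -1;
    uint32_t count = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                     ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
    if (count > max_count)            /* caller-imposed upper bound */
        return -1;
    if (count > SIZE_MAX / elsize)    /* product would not fit in size_t */
        return -1;
    size_t need = (size_t)count * elsize;
    if (need > len - 4)               /* more data declared than present */
        return -1;
    void *p = malloc(need ? need : 1);
    if (p == NULL)
        return -1;
    memcpy(p, buf + 4, need);
    *out = p;
    *out_count = count;
    return 0;
}

int main(void)
{
    /* Constructed input: declares 0x40000001 elements, carries one. */
    const uint8_t bad[] = { 0x40, 0x00, 0x00, 0x01, 1, 2, 3, 4 };
    void *p = NULL;
    uint32_t n = 0;
    /* Unchecked size wraps to 4; the checked decoder rejects the message. */
    int rejected = decode_counted_array(bad, sizeof bad, 4, UINT32_MAX, &p, &n);
    return (unchecked_alloc_size(0x40000001u, 4) == 4 && rejected == -1) ? 0 : 1;
}
```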
