[33820] in bugtraq


Re: ASN.1 telephony critical infrastructure warning - VOIP

daemon@ATHENA.MIT.EDU (Michael H. Warfield)
Wed Feb 18 18:34:40 2004

Date: Tue, 17 Feb 2004 21:29:38 -0500
From: "Michael H. Warfield" <mhw@wittsend.com>
To: Gadi Evron <ge@egotistical.reprehensible.net>
Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com,
        Zak Dechovich <ZakGroups@secureol.com>
Message-ID: <20040218022938.GB18932@alcove.wittsend.com>
Mail-Followup-To: Gadi Evron <ge@egotistical.reprehensible.net>,
	bugtraq@securityfocus.com, full-disclosure@lists.netsys.com,
	Zak Dechovich <ZakGroups@secureol.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="DBIVS5p969aUjpLe"
Content-Disposition: inline
In-Reply-To: <40323551.5070603@egotistical.reprehensible.net>

On Tue, Feb 17, 2004 at 05:37:53PM +0200, Gadi Evron wrote:
> I apologize, but I am using these mailing lists to try and contact the
> different */CERT teams for different countries.

	Then contact FIRST.

	Forum of Incident Reaction Security Teams.

	<http://www.first.org>

	Many, if not most, CERTs are members.

> As we all know, ASN.1 is a new very easy to exploit vulnerability. It
> attacks both the server and the end user (IIS and IE).

> We expect a new massive worm to come out exploiting this vulnerability
> in the next few days.

	This I seriously doubt.  We have no indicators leading in that
direction.

> Why should this all interest you beyond it being the next blaster?

> ASN is what VOIP is based on, and thus the critical infrastructure for
> telephony which is based on VOIP.

	No.  ASN.1 (not ASN) may be used in VoIP, but it's not what it's
"based on".  I won't rehash what others have refuted, here.  If it's
possible, it's likely we'll see other indicators pointing in that
direction.

> This may be a false alarm, but you know how worms find their way into
> every network, private or public. It could (maybe) potentially bring the
> system down.

> I am raising the red flag, better safe than sorry.

	Better to be informed than alarmist.

> The two email messages below are from Zak Dechovich and myself on this
> subject, to TH-Research (The Trojan Horses Research Mailing List). The
> original red flag as you can see below, was raised by Zak. Skip to his
> message if you like.

>     Gadi Evron.

	:

	Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

