[Dshield] New MS vulnerabilitity
Johannes B. Ullrich
jullrich at sans.org
Wed Feb 11 03:01:09 GMT 2004
we started a diary entry for these vulnerabilities earlier today:
and they will be covered in tomorrows webcast.
The SERIOUS vulnerability in this set is the 'ASN.1' vulnerability.
While the advisory is a bit vague on this one, eeye has some
'ASN.1' is essentially used everywhere where you have encryption
being used. So potential attack vectors range from webservers with
SSL, over kerberos servers to ntlm authentication.
so in short: Patch....
On Tue, 2004-02-10 at 19:17, Jon R. Kibler wrote:
> Not an MS expert -- and don't really keep track of all of the latest MS problems, but
> I don't recall hearing anyone discuss this one before now:
> Quoting from above document:
> > Multiple integer overflow vulnerabilities in the Microsoft Windows
> > ASN.1 parser library could allow an unauthenticated, remote attacker
> > to execute arbitrary code with SYSTEM privileges.
> > Description
> > Microsoft Security Bulletin MS04-007 announces a patch for multiple
> > vulnerabilities in the Microsoft Windows ASN.1 library
> > (msasn1.dll). According to information from eEye Digital Security,
> > the vulnerabilities involve integer overflows and other flaws in
> > integer arithmetic.
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC USA
> (843) 849-8214
> Filtered by: TRUSTEM.COM's Email Filtering Service
> No Spam. No Viruses. Just Good Clean Email.
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list
CTO SANS Internet Storm Center http://isc.sans.org
phone: (617) 837 2807 jullrich at sans.org
contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040210/aa831694/attachment.bin
More information about the list