[Dshield] New MS vulnerability

Johannes B. Ullrich jullrich at sans.org
Wed Feb 11 03:01:09 GMT 2004


We started a diary entry for these vulnerabilities earlier today:
http://isc.sans.org/diary.html

and they will be covered in tomorrow's webcast.

The SERIOUS vulnerability in this set is the 'ASN.1' vulnerability.
While the advisory is a bit vague on this one, eEye has some
more details.

'ASN.1' is essentially used everywhere where you have encryption
being used. So potential attack vectors range from webservers with
SSL, over Kerberos servers to NTLM authentication.

So in short: Patch....




On Tue, 2004-02-10 at 19:17, Jon R. Kibler wrote:
> Hi,
> 
> Not an MS expert -- and don't really keep track of all of the latest MS problems, but
> I don't recall hearing anyone discuss this one before now:
> 	http://www.us-cert.gov/cas/techalerts/TA04-041A.html
> 
> Quoting from above document:
> >    Multiple integer overflow vulnerabilities in the Microsoft Windows
> >    ASN.1 parser library could allow an unauthenticated, remote attacker
> >    to execute arbitrary code with SYSTEM privileges.
> > 
> > Description
> > 
> >    Microsoft Security Bulletin MS04-007 announces a patch for multiple
> >    vulnerabilities in the Microsoft Windows ASN.1 library
> >    (msasn1.dll).  According to information from eEye Digital Security,
> >    the vulnerabilities involve integer overflows and other flaws in
> >    integer arithmetic. 
> 
> --
> Jon R. Kibler
> Chief Technical Officer
> A.S.E.T., Inc.
> Charleston, SC  USA
> (843) 849-8214
-- 
CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
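
Added example, not part of the original message and not Microsoft's or eEye's code: the class of flaw named in the quoted alert (integer overflow in ASN.1 length arithmetic), shown as a generic BER header check in C. The function names and sample bytes are constructed for illustration and do not reproduce msasn1.dll.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: OCTET STRING tag, long-form length 0xFFFFFFFA,
 * followed by only two content bytes. */
static const uint8_t SAMPLE_WRAP[] = {0x04, 0x84, 0xFF, 0xFF, 0xFF, 0xFA, 'A', 'B'};

/* Flawed pattern: the 32-bit sum wraps, so a huge length looks in-bounds. */
int unsafe_bounds_ok(uint32_t off, uint32_t len, uint32_t buflen)
{
    return off + len <= buflen;            /* 6 + 0xFFFFFFFA wraps to 0 */
}

/* Safe pattern: compare the length with the bytes that remain. */
int safe_bounds_ok(uint32_t off, uint32_t len, uint32_t buflen)
{
    return off <= buflen && len <= buflen - off;
}

/* Parse one BER header (single-byte tag, definite length up to 4 octets).
 * Returns 0 and sets *hdr (header size) and *len (content length), or
 * returns -1 if the encoding is malformed or the content would run past
 * the end of the buffer. */
int ber_read_header(const uint8_t *buf, size_t buflen, size_t *hdr, uint32_t *len)
{
    if (buflen < 2) return -1;
    size_t off = 1;                        /* skip the tag octet */
    uint8_t b = buf[off++];
    uint32_t l = 0;
    if (b < 0x80) {
        l = b;                             /* short form */
    } else {
        size_t n = b & 0x7f;               /* long form: n length octets */
        if (n == 0 || n > 4) return -1;    /* indefinite or oversized */
        if (n > buflen - off) return -1;   /* length octets truncated */
        for (size_t i = 0; i < n; i++)
            l = (l << 8) | buf[off++];
    }
    if (l > buflen - off) return -1;       /* no addition, nothing to wrap */
    *hdr = off;
    *len = l;
    return 0;
}

int main(void)
{
    size_t hdr; uint32_t len;
    /* The oversized length must be rejected, so a correct build exits 0. */
    return ber_read_header(SAMPLE_WRAP, sizeof SAMPLE_WRAP, &hdr, &len) == -1 ? 0 : 1;
}
```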