[Dshield] New MS vulnerabilitity (OT)

Al Reust areust at comcast.net
Wed Feb 11 06:39:36 GMT 2004

Hi Jon

This is not pointed at you, rather "All of Us," yes it has been a very long 
day. You addressed a point which is on the close edge of, one of my most 
favorite pet peeves. To an extent most All of us have the same 
concerns/opinions, it provides nothing constructive..

I look at this and then have to say something say, simple but wordy. It is 
easy to say it does not happen to "My OS" and point the finger in that 
direction.  We all have favorite links that we can point to and say "yes it 
does." The bad side effect is that "We" (OS independent or dependent {as 
you like}) have to deal with it on a daily basis. It seems there is no end. 
There is nothing positive or informative about that.

For some it is easier the further back in computing they go, they can 
relate to the first beginnings. You had to deal with "users" which expect 
something to "work," You just had to deliver it. You have to deal with 
developers that created the "lefthanded what-u-maycallit" that (they 
thought) the user requested.. You have to now make it 
work/explain/troubleshoot. You become the middle man between the User and 
the Programmer. You have to try to explain in terms that both can 
understand. Otherwise can anyone say "shortcuts," "workarounds?" You can 
Google for them and find many interesting things/stories if you have the 
time to read them all. It is Great for a Laugh in these Hard Times.

That journey has been additionally, complicated by "users" that decided 
"they" could build the better mouse-trap; and took time to build it (no 
they are not programmers, just Users with a bad idea and good intent). You 
had to help them define/Fix it. So whether "hobby," "part-time" or 
"professional" programmers all had the idea that they could program the 
better mousetrap. They Proved It!!!! We have to Deal With It! It is Full of 
Holes that any number of things can get through.

What this is all about is that most programming started where "security" 
was not a concern. The Internet started when there was no "security" 
concern, everyone knew everyone (it was Private destined for other places). 
No one could have ever guessed that besides "users" someone else would 
attempt to subvert what was created in "Good Intent" for the "Good and 
Value of All" or what is just needed to get the Job Safely Done.

So whether the simple batch file, cmd script, Fortran, Cobal, Pascal, C, 
C++, Visual C (etc), Assembly, TCL, PHP, Bash, Macro's ad Infinitum. From 
the Top Down or the Bottom Up. The programmer had a purpose and a goal. 
Open Source now means that people with no training now can contribute 
something that has no "security checks." Those that have training can make 
the same mistakes (they all often do). Programmers are Human! Mistooks 
Happen! How quickly we recover is today's test.

So as the battlefield is littered with Trojans, Worms, Virii and Crappy 
Programming, and Then you get ready to do the your next script to do 
something required and useful.  Have you put in error checking? Have you 
looked at security (no one is going to use this script but "Me" so I can 
hard code the "Administrator/Root" and the Password), and when you share 
it.... How much worse will things be? You provided an example that supports 
the very thing that "Everyone" is now Screaming to have Fixed. It happens 
when you tell the script to SU, or RUNas Administrator and then walk away 
or go to bed. You did not look at authentication/permissions/ACL's/etc or 
trap the errors. Sloppy Nix historically has been installed to allow 
home\users\username "World" Write/Execute, Win has "Everyone" with full 
privileges, thus RootKits and other nasties "happen.." Just Pick One! There 
are thousands.

Those are things that "Administrators/Programmers" abuse to make the User 
Happy! So where is the education about what is safe, sane and secure 
programming/computing. It is not there. It has to start somewhere! It 
should start with each one of us.. To provide the example. To take time to 
fix the permissions, then "what ever" can, run at a lower level will. If it 
is done correctly then it is easy to replicate, or restore from backup. 
That time may be of more Value than Lost Users, Time, Money and/or 
Explaining why you are looking for a New Job. Over the Decades, I can name 
many names that thought shortcuts were the "answer," in most cases they did 
not turn out to be the "Solution." We can all point to Six people that "we" 
thought were Morons for the expen$ive answers they gave (which caused "us" 
more work). Be Proactive, not Reactive!

Are Linus or Mr Bill truly responsible or You the Administrator. Did You do 
"everything" that You could, to mitigate the risk? There is no easy answer, 
that is why Places like the DShield list exist. The "Successful" sharing of 
information. You can be part of the solution or part of the problem.. The 
choice is Yours!

The Buck Should Stop Here! You are training your replacement(s).. Someday 
he/she/they could hate You.

Sins of Omission or Comedy Relief:
I am sorry, I did not say anything about the "Mac" (in spite of the port of 
Nix), it is still only smart enough to use One Button on the Mouse (some 
have stated that, more than one button on the mouse is beyond Human 
Capability). But then "we" could say the M$ lawsuit over the GUI and/or the 
X-Windows interface. Who Won? All three are using "it" in various 
forms/implementations. Two of the three use more than two buttons (plus 

Scrape (as the Soapbox gets put away)


At 07:17 PM 2/10/2004 -0500, you wrote:
>Not an MS expert -- and don't really keep track of all of the latest MS 
>problems, but
>I don't recall hearing anyone discuss this one before now:
>         http://www.us-cert.gov/cas/techalerts/TA04-041A.html
>Quoting from above document:
> >    Multiple integer overflow vulnerabilities in the Microsoft Windows
> >    ASN.1 parser library could allow an unauthenticated, remote attacker
> >    to execute arbitrary code with SYSTEM privileges.
> >
> > Description
> >
> >    Microsoft Security Bulletin MS04-007 announces a patch for multiple
> >    vulnerabilities in the Microsoft Windows ASN.1 library
> >    (msasn1.dll).  According to information from eEye Digital Security,
> >    the vulnerabilities involve integer overflows and other flaws in
> >    integer arithmetic.
>Jon R. Kibler
>Chief Technical Officer
>A.S.E.T., Inc.
>Charleston, SC  USA
>(843) 849-8214
>Filtered by: TRUSTEM.COM's Email Filtering Service
>No Spam. No Viruses. Just Good Clean Email.
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 

More information about the list mailing list