RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
On Tue, 10 Feb 2004, Rainer Gerhards wrote:
> And that the server is more likely to be attacked is just an assumption
> - in the days of class A vuln sweeps and random worm scans, I don't
> think that servers are at most risk. In fact, I think the unprotected
> home machines are...
>
Yes, but...
In order to trigger the ASN.1 vulnerabilities an attacker has to be able
to get the target machine to invoke its BER decoding capabilities. I
certainly don't know the details -- maybe someone here does? -- but it's
gotta be a little difficult to send a random network packet to get a
desktop machine (that is, not a domain controller or an AD server or
something) and get it to invoke MSASN1.
I can imagine lots of attacks that require user intervention to hit this
one (like opening a hostile SSL-based web site) -- but can this be
triggered without user intervention?
thanks for more info -- tbird