Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption

To: "Timothy J.Miller" <cerebus@xxxxxxxxxxxxx>
Subject: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
From: Florian Weimer <fw@xxxxxxxxxxxxx>
Date: Sat, 14 Feb 2004 17:14:01 +0100
Cc: BUGTRAQ@xxxxxxxxxxxxxxxxx
In-reply-to: <4F66187B-5C9D-11D8-A5F9-00039359BF60@xxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <s029f30d.027@xxxxxxxxxxxxxxx> <4F66187B-5C9D-11D8-A5F9-00039359BF60@xxxxxxxxxxxxx>
User-agent: Mutt/1.5.5.1+cvs20040105i

Timothy J.Miller wrote:

> Is anyone else wondering why MS didn't fix this with the last round of 
> ASN.1 decoding overflow vulnerabilities (remember the SNMP hole)?  It's 
> basically the same problem.

Not really.  AFAIK, they haven't fixed an equivalent to the xdr_array()
integer overflow in the NSVC run-time library, either.  (I was rather
surprised to see an HP-UX advisory on this issue a couple of weeks ago,
though.)

References:
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
  - From: Tim Eddy
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
  - From: Timothy J . Miller

Prev by Date: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Next by Date: YABB information leakage on failed login
Previous by thread: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Next by thread: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
Index(es):
- Date
- Thread