lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 14 Feb 2004 17:14:01 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: "Timothy J.Miller" <cerebus@...kheads.org>
Cc: BUGTRAQ@...urityfocus.com
Subject: Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption


Timothy J.Miller wrote:

> Is anyone else wondering why MS didn't fix this with the last round of 
> ASN.1 decoding overflow vulnerabilities (remember the SNMP hole)?  It's 
> basically the same problem.

Not really.  AFAIK, they haven't fixed an equivalent to the xdr_array()
integer overflow in the NSVC run-time library, either.  (I was rather
surprised to see an HP-UX advisory on this issue a couple of weeks ago,
though.)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ