
UNIRAS Brief - 63/04 - Microsoft - Multiple Vulnerabilities in Microsoft ASN.1 Library


- ----------------------------------------------------------------------------------
    UNIRAS (UK Govt CERT) Briefing Notice - 63/04 dated 11.02.04  Time: 08:52  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Multiple Vulnerabilities in Microsoft ASN.1 Library



   Original issue date: February 10, 2004
   Last revised: --
   Source: US-CERT

   A complete revision history is at the end of this document.

Systems Affected

     * Microsoft Windows NT 4.0
     * Microsoft Windows NT 4.0 TSE
     * Microsoft Windows 2000
     * Microsoft Windows XP
     * Microsoft Windows Server 2003


   Multiple integer overflow vulnerabilities in the Microsoft Windows
   ASN.1 parser library could allow an unauthenticated, remote attacker
   to execute arbitrary code with SYSTEM privileges.


   Microsoft Security Bulletin MS04-007 announces a patch for multiple
   vulnerabilities in the Microsoft Windows ASN.1 library
   (msasn1.dll).  According to information from eEye Digital Security,
   the vulnerabilities involve integer overflows and other flaws in
   integer arithmetic. The latest version of this document can be
   found at


   Additional information is available in two vulnerability notes:

   VU#216324 - Microsoft ASN.1 Library improperly decodes malformed ASN.1
   length values
   (Other resources: AD20040210, MS04-007, CAN-2003-0818) 

   VU#583108 - Microsoft ASN.1 Library improperly decodes constructed bit
   (Other resources: AD20040210-2, MS04-007, CAN-2003-0818) 

   eEye has published two detailed advisories on these issues: AD20040210
   and AD20040210-2.
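
   The flaw class named above (integer overflow while handling ASN.1
   length values) is illustrated by the added example below, which is
   not code from Microsoft, eEye or US-CERT and not a reconstruction of
   msasn1.dll. It decodes a BER definite-form length and validates it
   without wrap-prone arithmetic; the names ber_len and ber_read_length
   are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper type: one decoded BER/DER length field. */
typedef struct {
    size_t hdr_len;   /* octets consumed by the length field itself */
    size_t value_len; /* declared length of the value that follows */
} ber_len;

/* Decode a definite-form length at buf[0..avail) and confirm the declared
 * value fits in the remaining bytes. Returns 0 on success, -1 on rejection. */
int ber_read_length(const uint8_t *buf, size_t avail, ber_len *out)
{
    if (buf == NULL || out == NULL || avail == 0)
        return -1;
    size_t hdr = 1, len = 0;
    if (buf[0] < 0x80) {                /* short form: 0..127 */
        len = buf[0];
    } else {
        size_t n = buf[0] & 0x7F;       /* number of length octets */
        if (n == 0)                     /* indefinite form: not accepted here */
            return -1;
        if (n > sizeof(size_t) || n > avail - 1)
            return -1;                  /* would overflow len or overrun buf */
        for (size_t i = 0; i < n; i++)
            len = (len << 8) | buf[1 + i];
        hdr += n;
    }
    /* Compare against what is left. Writing "hdr + len > avail" instead
     * lets the sum wrap for a huge declared length and pass the check. */
    if (len > avail - hdr)
        return -1;
    out->hdr_len = hdr;
    out->value_len = len;
    return 0;
}

int main(void)
{
    /* Constructed sample: tag 0x04, 4-octet length 0xFFFFFFFF, no value bytes. */
    const uint8_t hostile[] = { 0x04, 0x84, 0xFF, 0xFF, 0xFF, 0xFF };
    ber_len r;
    int rc = ber_read_length(hostile + 1, sizeof hostile - 1, &r);
    printf("declared 0xFFFFFFFF, 0 bytes present: %s\n", rc ? "rejected" : "accepted");
    return rc == -1 ? 0 : 1;
}
```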

   Any application that loads the ASN.1 library could serve as an attack
   vector. In particular, ASN.1 is used by a number of cryptographic and
   authentication services such as digital certificates (X.509),
   Kerberos, NTLMv2, SSL, and TLS. Both client and server systems are
   affected. The Local Security Authority Subsystem (lsass.exe) and a
   component of the CryptoAPI (crypt32.dll) use the vulnerable ASN.1


   An unauthenticated, remote attacker could execute arbitrary code with
   the privileges of the process using the ASN.1 library. In the case of
   most server and authentication applications, an attacker could gain
   SYSTEM privileges.


Apply a patch

   Apply the appropriate patch as specified by Microsoft Security
   Bulletin MS04-007.

Vendor Information

   This appendix contains information provided by vendors. When vendors
   report new information, this section is updated and the changes are
   noted in the revision history. If a vendor is not listed below, we
   have not received their comments.


     Please see Microsoft Security Bulletin MS04-007.


     * Vulnerability Note VU#216324
     * Vulnerability Note VU#583108
     * eEye Digital Security Advisory AD20040210
     * eEye Digital Security Advisory AD20040210-2
     * Microsoft Security Bulletin MS04-007
     * Microsoft Knowledge Base Article 252648

   These vulnerabilities were researched and reported by eEye Digital
   Security. Information from eEye and Microsoft was used in this

   Feedback can be directed to the author, Art Manion.

   Copyright 2004 Carnegie Mellon University.

   Revision History

   February 10, 2004: Initial release


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone. Not Protectively Marked information may be sent via email 
to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Microsoft and US-CERT for the 
information contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
