File: 3003.txt

snort 2.9.7.0-5
Rule:  

--
Sid:
3003

--
Summary:
This event is generated when an attempt is made to exploit a known 
vulnerability in the Microsoft implementation of the ASN.1 Library.

--
Impact:
Serious. Execution of arbitrary code, DoS.

--
Detailed Information:
A buffer overflow condition exists in the Microsoft implementation of
the ASN.1 Library. It may be possible for an attacker to exploit this
condition by sending specially crafted authentication packets to a host
running a vulnerable operating system.

When the target system decodes the ASN.1 data, exploit code included in
the data may be executed on the host with system-level privileges.
Alternatively, the malformed data may cause the service to become
unresponsive, causing a DoS condition.

--
Affected Systems:
	Microsoft Windows NT
	Microsoft Windows NT Terminal Server Edition
	Microsoft Windows 2000
	Microsoft Windows XP
	Microsoft Windows 2003

--
Ease of Attack:
Simple. Exploit code exists.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Apply the appropriate vendor supplied patches.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
References:

US-CERT
http://www.us-cert.gov/cas/techalerts/TA04-041A.html

Microsoft
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms04-007.asp

--