ASN.1 and WINS vulerabilities

Today the BBC published one of the most worthless articles on a Windows XP vulnerability (here). Also on the “nearly worthless” list was this one from US-CERT (although it contained quite a bit more technical information). Far and away the best one, though, is this one from Secunia, at least IMHO. Secunia tells you that Kerberos and NTLMv2 authentication can trigger the vulnerability.
Very nearly as scary, at least if you’re running a server, is this WINS vulnerability as reported by Secunia.
Update:
OK, I take it back. The US-CERT Technical Alert gives a good technical overview of the ASN.1 vulnerability, adding SSL and TLS to the list (NTLMv2 and Kerberos) that trigger it.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: