On Tue, 10 Feb 2004, Rainer Gerhards wrote: > And that the server is more likely to be attacked is just an assumption > - in the days of class A vuln sweeps and random worm scans, I don't > think that servers are at most risk. In fact, I think the unprotected > home machines are... > Yes, but... In order to trigger the ASN.1 vulnerabilities an attacker has to be able to get the target machine to invoke its BER decoding capabilities. I certainly don't know the details -- maybe someone here does? -- but it's gotta be a little difficult to send a random network packet to get a desktop machine (that is, not a domain controller or an AD server or something) and get it to invoke MSASN1. I can imagine lots of attacks that require user intervention to hit this one (like opening a hostile SSL-based web site) -- but can this be triggered without user intervention? thanks for more info -- tbird
