Marc,
If we remove the default exemptions for Kerberos & RSVP from IPSEC with the "NoDefaultExempt" registry key, this still passes IKE. Therefore is IKE vulnerable to the ASN bug?
Very likely, as IKE data is marshaled into ASN.1 format. The fun part about ASN.1 is it's so damn useful you tend to use it *everywhere*.
Is anyone else wondering why MS didn't fix this with the last round of ASN.1 decoding overflow vulnerabilities (remember the SNMP hole)? It's basically the same problem.
-- Cerebus
