...
> In order to trigger the ASN.1 vulnerabilities an attacker has to be able
> to get the target machine to invoke its BER decoding capabilities.

I have read a good number of the posts here regarding this vulnerability and have seen references to NTLM etc. as a pathway for attack. What about SNMP? It certainly uses ASN.1. Does MS's SNMP stack not use this DLL? - Must check.

> I certainly don't know the details -- maybe someone here does? -- but it's
> gotta be a little difficult to send a random network packet to get a
> desktop machine (that is, not a domain controller or an AD server or
> something) and get it to invoke MSASN1.
>
> I can imagine lots of attacks that require user intervention to hit this
> one (like opening a hostile SSL-based web site) -- but can this be
> triggered without user intervention?
>
> thanks for more info -- tbird

Like the others, SNMP should never pass the perimeter defences, but we are talking about the same internet that got hit by blaster, SQL-Slammer etc. I'm still occasionally finding it difficult to get some admins to operate a 'default deny' stance on inbound ports, let alone outbound.