Here are some more details on various things that use ASN.1:
http://asn1.elibel.tm.fr/en/uses/rfc.htm

-Dan

On Tue, 17 Feb 2004, 3APA3A wrote:

> Dear Gadi Evron,
>
> ASN.1 is used by many services, but all use different underlying
> protocols. It's not likely NetMeeting or MS ISA server to be primary
> attack targets. Attack against MS IPSec implementation, Exchange,
> SMB/CIFS, RPC services, IIS and especially IE will not have impact to VoIP
> infrastructure (except connectivity degradation because of massive
> traffic). And these applications are more likely to be attack target.
>
> --Tuesday, February 17, 2004, 6:37:53 PM, you wrote to bugtraq@securityfocus.com:
>
> GE> I apologize, but I am using these mailing lists to try and contact the
> GE> different */CERT teams for different countries.
>
> GE> As we all know, ASN.1 is a new very easy to exploit vulnerability. It
> GE> attacks both the server and the end user (IIS and IE).
>
> GE> We expect a new massive worm to come out exploiting this vulnerability
> GE> in the next few days.
>
> GE> Why should this all interest you beyond it being the next blaster?
>
> GE> ASN is what VOIP is based on, and thus the critical infrastructure for
> GE> telephony which is based on VOIP.
>
> GE> This may be a false alarm, but you know how worms find their way into
> GE> every network, private or public. It could (maybe) potentially bring the
> GE> system down.
>
> GE> I am raising the red flag, better safe than sorry.
>
> GE> The two email messages below are from Zak Dechovich and myself on this
> GE> subject, to TH-Research (The Trojan Horses Research Mailing List). The
> GE> original red flag as you can see below, was raised by Zak. Skip to his
> GE> message if you like.
>
> GE> Gadi Evron.
>
>
>
> GE> Subject: [TH-research] */CERT people: Critical Infrastructure and ASN.1 - VOIP [WAS: Re: [TH-research] OT: naming the fast approaching ASN.1 worm]
>
> GE> Mail from Gadi Evron <ge@linuxbox.org>
>
> GE> All the */CERT people on the list:
> GE> If you haven't read the post below, please do.
>
> GE> Anyone checked into the critical infrastructure survivability of an ASN
> GE> worm hitting? Phone systems could possibly go down. We all know how
> GE> worms find their way into any network, private or otherwise. And VOIP
> GE> systems (which phone systems are based on nowadays) could go down.
>
> GE> Heads-up! Finds them contingency plans.. :o)
>
> GE> Any information would be appreciated, or if you need more information
> GE> from us: +972-50-428610.
>
> GE> Gadi Evron.
>
>
> GE> Zak Dechovich wrote:
>
> >> Mail from Zak Dechovich <ZakGroups@SECUREOL.COM>
> >>
> >> May I suggest the following:
> >>
> >> ASN1 is mainly used for the telephony infrastructure (VoIP),
> >> any code that attacks this infrastructure can be assigned with 'VoIP'
> >> prefix, followed by the attacked vendor (cisco, telrad, microsoft, etc.).
> >>
> >> For example, if (when) Microsoft's h323 stack will be attacked, the name
> >> should be VoIP.ms323.<variant>, or if Cisco's gatekeepers will crash, let's
> >> call it VoIP.csgk.<variant>
> >>
> >> Your thoughts ?
> >>
> >> Zak Dechovich,
> >>
> >> Zak Dechovich,
> >> Managing Director
> >> SecureOL Ltd.
> >> Mobile: +972 (53) 828 656
> >> Office: +972 (2) 675 1291
> >> Fax: +972 (2) 675 1195
>
> GE> -
> GE> TH-Research, the Trojan Horses Research mailing list.
> GE> List home page: http://ecompute.org/th-list
>
> GE> _______________________________________________
> GE> Full-Disclosure - We believe in it.
> GE> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
> --
> ~/ZARAZA
> Sir Isaac Newton discovered that apples fall to the ground. (Twain)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

-Daniel Uriah Clemens

Esse quam videra
(to be, rather than to appear)
-Moments of Sorrow are Moments of Sobriety
{ o)2059686335 c)2055676850 }