ASN.1 and WINS vulerabilities

Today the BBC published one of the most worthless articles on a Windows XP vulnerability (here). Also on the “nearly worthless” list was this one from US-CERT (although it contained quite a bit more technical information). Far and away the best one, though, is this one from Secunia, at least IMHO. Secunia tells you that Kerberos and NTLMv2 authentication can trigger the vulnerability.

Very nearly as scary, at least if you’re running a server, is this WINS vulnerability as reported by Secunia.

Update:

OK, I take it back. The US-CERT Technical Alert gives a good technical overview of the ASN.1 vulnerability, adding SSL and TLS to the list (NTLMv2 and Kerberos) that trigger it.

Leave a Comment