[Full-disclosure] help analysing asn overflow
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri Sep 21 20:38:41 BST 2007
On Sat, 22 Sep 2007 00:49:30 +0530, Code Breaker said:
> i am trying to analyse the old asn integer overflow.Can anyone guide me
> towards right direction?which function contains the vulnerable code?is it
> asn1_decode?
It's not "the old asn integer", it's "one of the old asn integer"...
There were about a zillion and a half different places in that code that
were exploitable, because actual error checking was, like, a foreign language
to that crew when they wrote it originally.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070921/f97f110b/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.