[ PRIVACY Forum ] Critical bug threatens to bite mobile phones and networks

Heap overflow bug in a widely used ASN.1 library from Objective Systems,
apparently popular with cell-radio industry people. Not sure if this will
leak over into NANOG land -- but neither are you, and that's most of my point.

DO *you* know if this library is used in your routers? Can you find out?

How easily and quickly?

Cheers,
-- jra

Friends don't let friends use asn.1

Mike

CERT/CC has published a list of contacted vendors:

http://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=790839&SearchOrder=4

From the timeline:

https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080#8-report-timeline

it is not clear if all vendors have been contacted.

Wonder how to grep for rtxMemHeapAlloc in the possibly encrypted
baseband module firmware.

Marcin
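
One way to approach the grep question above, as an added example that is not part of the original thread: search an image for the `rtxMemHeapAlloc` name and use byte entropy to tell "not found" apart from "cannot tell, image looks encrypted or compressed". The function names, the 7.5 bits/byte cut-off and the sample byte strings are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SYMBOL = b"rtxMemHeapAlloc"   # function name quoted in the message above
ENTROPY_LIMIT = 7.5           # assumed cut-off in bits/byte; tune for your images


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8.0 indicate encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def find_symbol(data: bytes) -> list[int]:
    """Offsets where SYMBOL occurs, as ASCII or as UTF-16LE."""
    hits = []
    for needle in (SYMBOL, SYMBOL.decode().encode("utf-16-le")):
        pos = data.find(needle)
        while pos != -1:
            hits.append(pos)
            pos = data.find(needle, pos + 1)
    return sorted(hits)


def classify(data: bytes) -> str:
    """Return 'symbol-present', 'inconclusive-high-entropy' or 'symbol-absent'."""
    if find_symbol(data):
        return "symbol-present"
    if shannon_entropy(data) >= ENTROPY_LIMIT:
        return "inconclusive-high-entropy"   # a plain grep proves nothing here
    return "symbol-absent"


def scan_file(path: str) -> str:
    """Classify one firmware image on disk."""
    with open(path, "rb") as fh:
        return classify(fh.read())


# Constructed sample inputs (not real firmware).
PLAIN_WITH_SYMBOL = b"\x00" * 64 + SYMBOL + b"\x00" * 64
PLAIN_WITHOUT = b"boot loader v1\x00" * 40
# Deterministic pseudo-random bytes standing in for an encrypted image.
OPAQUE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
```

A "symbol-absent" result is weak evidence only: a stripped, statically linked build keeps the library code but not the function name, so the vendor still has to confirm.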