what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

.NET Framework Integer Overflow

.NET Framework Integer Overflow
Posted Jul 26, 2015
Authored by Yorick Koster, Securify B.V.

An integer overflow exists in the System.DirectoryServices.Protocols.Utility class of the .NET Framework. Triggering this issue results in an overflown integer that is used to allocate a buffer on the heap that is too small, resulting in memory corruption. Exploiting this issues appears to be difficult. Consequently, Microsoft has decided to not release a security bulletin.

tags | advisory, overflow, protocol
SHA-256 | 1afa865b50719d016f840d929f46021c297eaaf847046ef8e5bb08fa3a10902d

.NET Framework Integer Overflow

Change Mirror Download
------------------------------------------------------------------------
Integer overflow in .NET Framework
System.DirectoryServices.Protocols.Utility class
------------------------------------------------------------------------
Yorick Koster, May 2015

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
An integer overflow exists in the
System.DirectoryServices.Protocols.Utility class of the .NET Framework.
Triggering this issue results in an overflown integer that is used to
allocate a buffer on the heap that is too small, resulting in memory
corruption. Exploiting this issues appears to be difficult.
Consequently, Microsoft has decided to not release a security bulletin.

------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
This issue affects .NET Framework version 4.5 and 4.6. Other versions
are not affected as this issue can only be triggered using large arrays
(> 2GB).

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
There is currently no fix available for this issue. Microsoft will not
release a security bulletin, it may be fixed in future versions of the
.NET Framework.

[...] [we] are going to pursue this as a candidate for improvement in
future versions, [...] On x86, the feasibility of an attack is mitigated
by the maximum process memory and even on amd64, prevailing
configurations preclude this from being a feasible attack.

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20150501/integer_overflow_in__net_framework_system_directoryservices_protocols_utility_class.html
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close