ATLAS Attack Report: Global ASN.1 constructed bit string

Attack Report

Global ASN.1 constructed bit string

View:
Activity
Sources

Output:
Print
XML
CSV

Activity (past 24 hours)

By Service

Service	Attacks per subnet	Percentage
TCP/445 (microsoft-ds)	35.29	100.0%
Other	0.00	0.0%

Sources (past 24 hours)

By Country

Country	Attacks per subnet	Percentage
BE (Belgium)	9.07	25.7%
HR (Croatia)	6.90	19.5%
US (United States)	6.15	17.4%
BZ (Belize)	1.98	5.6%
KR (South Korea)	1.06	3.0%
JP (Japan)	0.91	2.6%
CA (Canada)	0.87	2.5%
DE (Germany)	0.81	2.3%
PL (Poland)	0.70	2.0%
CN (China)	0.65	1.8%
Other	6.18	17.5%

By ASN

ASN	Attacks per subnet	Percentage
AS5432 (BELGACOM-SKYNET-AS)	9.07	25.7%
AS35648 (T-MOBILE-HR-AS)	6.90	19.5%
AS10269 (Belize)	1.98	5.6%
AS19262 (VZGNI-TRANSIT)	1.57	4.5%
AS209 (ASN-QWEST)	0.73	2.1%
AS17877 (NEXG-AS-KR)	0.71	2.0%
AS9299 (IPG-AS-AP)	0.61	1.7%
AS3320 (DTAG)	0.57	1.6%
AS577 (BACOM)	0.52	1.5%
AS12322 (PROXAD)	0.47	1.3%
Other	12.16	34.4%

By Host

Host	Attacks per subnet	Percentage
87.252.152.205	6.90	19.5%
190.197.36.52 (btl-new-ip-52.btl.net)	1.98	5.6%
91.178.74.206	1.10	3.1%
211.232.4.171	0.71	2.0%
199.101.14.198	0.70	2.0%
141.158.29.172 (pool-141-158-29-172.phil.east.verizon.net)	0.54	1.5%
71.176.15.131	0.48	1.3%
200.76.148.47	0.46	1.3%
81.241.145.212 (212.145-241-81.adsl-dyn.isp.belgacom.be)	0.39	1.1%
213.179.59.30	0.39	1.1%
Other	21.64	61.3%

Background

Description

ASN.1 constructed bit string

Vulnerabilities

CVE-2005-1935

Age: 1136 days

Severity: High

CVSS Score: 7.0

Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.