Tuesday, July 19, 2016

Feedly:SANS Internet Storm Center, InfoCON: green. ASN1 Anyone? CVE-2016-5080, (Tue, Jul 19th)

from SANS Internet Storm Center, InfoCON: green

*Queue Back to the Future Music* Over more than a decade ago there was a major discovery in ASN1 that contributed to arguably one of the worst vulnerabilities in a long time. Fast forward *Queue awful fast forward tape music* to 2016 and ASN1 is here again. Please reference this link http://ift.tt/2a3SrFP for the major details as this unfolds regarding CVE-2016-5080.

So far, according to the CERT page [3] for vendors reporting in and so far our winners of the ASN1 award seem to be Objective Systems and Qualcomm Incorporated are reporting impact from  2016-5080">CVE 2016-5080. Honeywell and Hewlett Packard Enterprise are reporting “Not Affected”. Many other vendors are in an unknown state.

Wait Richard, what the h^&& is ASN1? [4] ASN1 is a standard that is jointly maintained and governed by the International Organization for Standardization (ISO), International Electroechnical Commission (IEC), and International Telecommunication Union (ITU-T). It is a syntax notation that makes up rules for encoding, transmitting, and decoding data [4]. Basically, it does A LOT of stuff and it is EVERYWHERE *a slightly panicked tone*.

Please review this CVE (CVE-2016-5080) and monitor it closely. We at the storm center will monitor this and update it as it unfolds.

[1] http://ift.tt/2aagDoi

[2] http://ift.tt/2a3SrFP

[3] http://ift.tt/29Rofj0

[4] http://ift.tt/1mGpXjX

Web Analytics