Cause of MS SSL DoS attack

From: SanjayR (sanjayr_at_intoto.com)
Date: 11/28/05

  • Next message: Rik Bobbaers: "Re: Randomized Stack"
    Date: Mon, 28 Nov 2005 17:58:58 +0530
    To: vuln-dev@securityfocus.com
    
    

    Hi All;
    I am trying to understand the main cause of DoS for MS SSL vulnerability
    (MS04-011, CAN-2004-0120). Everywhere, I get one information
    that specially malformed SSL messages can cause DoS, but what exactly is
    causing the DoS is not mentioned. After seeing the exploit code, I could
    see that normally, during SSL handshake, client sends available Cipher
    suites to server, which are around 30 (at most). therefore Cipher Suite
    length is at most 60 bytes (in general). but under this attack, i found it
    to be 39729!! there are many unknown types of cipher suites. Is this the
    cause of DoS? I shall be thankful for any information.

    -Sanjay


  • Next message: Rik Bobbaers: "Re: Randomized Stack"

    Relevant Pages

    • Re: Homebanking unter DOS?
      ... >>> Reicht es einen Browser mit SSL zu nutzen? ... > Auch schon mal mit einem anderen Browser unter DOS probiert? ...
      (de.comp.os.msdos)
    • MS04-11, SSL, and ISA Server
      ... Can this DoS be performed against an ISA server which proxies the SSL ... that DoS can be performed against IIS servers using SSL connections. ...
      (NT-Bugtraq)
    • Re: Cause of MS SSL DoS attack
      ... that's the reason for the DoS, MS does not check if the Cipher Suite ... length is a valid value or not, crashing when looking for all the ... > I am trying to understand the main cause of DoS for MS SSL vulnerability ...
      (Vuln-Dev)