Cause of MS SSL DoS attack

From: SanjayR (sanjayr_at_intoto.com)
Date: 11/28/05

  • Next message: Rik Bobbaers: "Re: Randomized Stack"
    Date: Mon, 28 Nov 2005 17:58:58 +0530
    To: vuln-dev@securityfocus.com
    
    

    Hi All;
    I am trying to understand the main cause of DoS for MS SSL vulnerability
    (MS04-011, CAN-2004-0120). Everywhere, I get one information
    that specially malformed SSL messages can cause DoS, but what exactly is
    causing the DoS is not mentioned. After seeing the exploit code, I could
    see that normally, during SSL handshake, client sends available Cipher
    suites to server, which are around 30 (at most). therefore Cipher Suite
    length is at most 60 bytes (in general). but under this attack, i found it
    to be 39729!! there are many unknown types of cipher suites. Is this the
    cause of DoS? I shall be thankful for any information.

    -Sanjay


  • Next message: Rik Bobbaers: "Re: Randomized Stack"