Re: Cause of MS SSL DoS attack

From: David Barroso (dbarroso_at_s21sec.com)
Date: 11/29/05 

To: SanjayR <sanjayr@intoto.com>
Date: Tue, 29 Nov 2005 08:52:20 +0100

Hello SanjayR,
that's the reason for the DoS, MS does not check if the Cipher Suite
length is a valid value or not, crashing when looking for all the
non-existent ciphers.

Regards

On lun, 2005-11-28 at 17:58 +0530, SanjayR wrote:
> Hi All;
> I am trying to understand the main cause of DoS for MS SSL vulnerability
> (MS04-011, CAN-2004-0120). Everywhere, I get one information
> that specially malformed SSL messages can cause DoS, but what exactly is
> causing the DoS is not mentioned. After seeing the exploit code, I could
> see that normally, during SSL handshake, client sends available Cipher
> suites to server, which are around 30 (at most). therefore Cipher Suite
> length is at most 60 bytes (in general). but under this attack, i found it
> to be 39729!! there are many unknown types of cipher suites. Is this the
> cause of DoS? I shall be thankful for any information.
>
> -Sanjay
> .
>
>

Relevant Pages

  • Cause of MS SSL DoS attack
    ... I am trying to understand the main cause of DoS for MS SSL vulnerability ... that specially malformed SSL messages can cause DoS, ... therefore Cipher Suite ...
    (Vuln-Dev)
  • Re: new unpublished SSH exploit ?
    ... It's not even a DoS because it happens when the program intentionally ... it seems to be nothing more than crashing a crashing ... this is deep down in the buffer-handling code and limits on ... but the OpenSSH guys seem to be kinda worried... ...
    (comp.security.ssh)
  • Re: Homebanking unter DOS?
    ... >>> Reicht es einen Browser mit SSL zu nutzen? ... > Auch schon mal mit einem anderen Browser unter DOS probiert? ...
    (de.comp.os.msdos)
  • MS04-11, SSL, and ISA Server
    ... Can this DoS be performed against an ISA server which proxies the SSL ... that DoS can be performed against IIS servers using SSL connections. ...
    (NT-Bugtraq)