MS04-011 SSL Remote DoS PoC

[David Barroso Berrueta <dbarroso () s21sec com>]

Hi,
when looking recently for vulnerabilities in the Microsoft SSL code we
have found the DoS described in the lastest Microsoft Security Bulletin
MS04-011.

We've only tested this PoC on Windows 2000 running IIS 5.0, but as the 
bulletin says, other applications using SSL and other windows versions 
could be affected.

Attached is the proof of concept, crashing the LsaSrv in the remote
server.

Authors:
David Barroso Berrueta <dbarroso () s21sec com>
Alfredo Andres Omella <aandres () s21sec com>

Attachment: sslbomb.c
Description: