Full Disclosure mailing list archives
MS04-011 SSL Remote DoS PoC
From: David Barroso Berrueta <dbarroso () s21sec com>
Date: Wed, 14 Apr 2004 15:33:30 +0200
Hi, when looking recently for vulnerabilities in the Microsoft SSL code we have found the DoS described in the lastest Microsoft Security Bulletin MS04-011. We've only tested this PoC on Windows 2000 running IIS 5.0, but as the bulletin says, other applications using SSL and other windows versions could be affected. Attached is the proof of concept, crashing the LsaSrv in the remote server. Authors: David Barroso Berrueta <dbarroso () s21sec com> Alfredo Andres Omella <aandres () s21sec com>
Attachment:
sslbomb.c
Description:
Current thread:
- MS04-011 SSL Remote DoS PoC David Barroso Berrueta (Apr 14)