Re: Cause of MS SSL DoS attack

[David Barroso <dbarroso () s21sec com>]

Hello SanjayR,
that's the reason for the DoS, MS does not check if the Cipher Suite
length is a valid value or not, crashing when looking for all the
non-existent ciphers.

Regards

On lun, 2005-11-28 at 17:58 +0530, SanjayR wrote:
> Hi All;
> I am trying to understand the main cause of DoS for MS SSL vulnerability 
> (MS04-011, CAN-2004-0120). Everywhere, I get one information 
> that  specially malformed SSL messages can cause DoS, but what exactly is 
> causing the DoS is not mentioned. After seeing the exploit code, I could 
> see that normally, during SSL handshake, client sends available Cipher 
> suites to server, which are around 30 (at most). therefore Cipher Suite 
> length is at most 60 bytes (in general). but under this attack, i found it 
> to be 39729!! there are many unknown types of cipher suites. Is this the 
> cause of DoS? I shall be thankful for any information.
>
> -Sanjay 
> .