Microsoft Windows SSL DoS

2004-04-13T17:50:33
ID OSVDB:5260
Type osvdb
Reporter John Lampe(jwlampe@nessus.org)
Modified 2004-04-13T17:50:33

Description

Vulnerability Description

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed SSL packet is processed by the Microsoft SSL Library, and will result in loss of availability for the platform.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed SSL packet is processed by the Microsoft SSL Library, and will result in loss of availability for the platform.

References:

US-CERT Cyber Security Alert: TA04-104A Secunia Advisory ID:11064 Related OSVDB ID: 5261 Related OSVDB ID: 5251 Related OSVDB ID: 5254 Related OSVDB ID: 5255 Related OSVDB ID: 5256 Related OSVDB ID: 5249 Related OSVDB ID: 5257 Related OSVDB ID: 5248 Related OSVDB ID: 5250 Related OSVDB ID: 5252 Related OSVDB ID: 5253 Related OSVDB ID: 5258 Related OSVDB ID: 5259 Packet Storm: http://packetstormsecurity.nl/0404-exploits/sslbomb.c OVAL ID: 885 OVAL ID: 886 OVAL ID: 892 Nessus Plugin ID:12209 Microsoft Security Bulletin: MS04-011 ISS X-Force ID: 15818 ISS X-Force ID: 15712 CVE-2004-0120 CIAC Advisory: o-114 CERT VU: 150236 Bugtraq ID: 10115