[Full-Disclosure] MS04-011 SSL Remote DoS PoC
David Barroso Berrueta
dbarroso at s21sec.com
Wed Apr 14 14:33:30 BST 2004
Hi,
when looking recently for vulnerabilities in the Microsoft SSL code we
have found the DoS described in the lastest Microsoft Security Bulletin
MS04-011.
We've only tested this PoC on Windows 2000 running IIS 5.0, but as the
bulletin says, other applications using SSL and other windows versions
could be affected.
Attached is the proof of concept, crashing the LsaSrv in the remote
server.
Authors:
David Barroso Berrueta <dbarroso at s21sec.com>
Alfredo Andres Omella <aandres at s21sec.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sslbomb.c
Type: text/x-csrc
Size: 12133 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040414/da4c04fe/attachment.bin
Full-Disclosure is hosted and sponsored by Secunia.