Info

Disclosure

Apr 13, 2004

Discovery

Unknown

Dates

Exploit

Apr 14, 2004

Solution

Unknown

Description

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed SSL packet is processed by the Microsoft SSL Library, and will result in loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	2000 SP2
		2000 SP3
		2000 SP4
		XP
		XP SP1
		XP 64-Bit SP1
		XP 64-Bit 2003
		2003 Server x64
		2003 Server

References

Bugtraq ID: 10115
Secunia Advisory ID: 11064
CERT VU: 150236
ISS X-Force ID: 15712 15818
Milw0rm: 176
Exploit Database: 176
CVE ID: 2004-0120 (see also: NVD)
Related OSVDB ID: 5248 5249 5250 5251 5252 5253 5254 5255 5256 5257 5258 5259 5261
SCIP VulDB ID: 601
OVAL ID: 885 886 892
Packet Storm: http://packetstormsecurity.nl/0404-exploits/sslbomb.c
Microsoft Security Bulletin: MS04-011
CIAC Advisory: o-114
US-CERT Cyber Security Alert: TA04-104A

Credit

John Lampe - jwlampenessus.org - Tenable Security

Direct URL: http://osvdb.org/5260

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

References

Credit