SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#150236

Microsoft Windows Secure Sockets Layer (SSL) library vulnerable to DoS

Overview

A vulnerability in the Microsoft Secure Sockets Layer library could allow a remote attacker to cause a denial-of-service condition on an affected system.

I. Description

The Secure Sockets Layer (SSL) protocol is commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others. The Microsoft Secure Sockets Layer library contains support for SSL and a number of other secure communication protocols.

A flaw exists in the process used by the SSL Library to check message inputs, specifically in the handling of some malformed SSL messages. This flaw results in a vulnerability that could allow a remote attacker to cause a denial-of-service condition on the affected system. An attacker with the ability to send a specially crafted malformed messages to an SSL-enabled service or program could exploit this vulnerability. Microsoft provides the following description of configurations that are vulnerable:


    All systems that have SSL enabled are vulnerable. Although SSL is generally associated with Internet Information Services by using HTTPS and port 443, any service that implements SSL on an affected platform is likely to be vulnerable. This includes but is not limited to Internet Information Services 4.0, Internet Information Services 5.0, Internet Information Services 5.1, Exchange Server 5.5, Exchange Server 2000, Exchange Server 2003, Analysis Services 2000 (included with SQL Server 2000), and any third-party programs that use SSL.

    Windows 2000 domain controllers that are installed in an Active Directory domain that also has an Enterprise Root certification authority installed are affected by this vulnerability because they automatically listen for secure SSL connections.


II. Impact

A remote attacker could cause the affected system to stop accepting SSL connections (for systems running Windows 2000 and Windows XP) or automatically restart (for systems running Windows Server 2003).

III. Solution

Apply a patch from the vendor


Microsoft, Inc. has published Microsoft Security Bulletin MS04-011 in response to this issue. Users are strongly encouraged to review this bulletin and apply the patches it refers to.

Workarounds

Microsoft lists the following workaround in MS04-011:

    Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified below.
    • Block ports 443 and 636 at the firewall

    Port 443 is used to receive SSL traffic. Port 636 is used for LDAP SSL connections (LDAPS). Blocking them at the firewall will help prevent systems that are behind that firewall from attempts to exploit this vulnerability. Other ports may be found that could be used to exploit this vulnerability. However, the ports listed here are the most common attack vectors. Microsoft recommends blocking all unsolicited inbound communication from the Internet to help prevent attacks that may use other ports.

    Impact of Workaround: If ports 443 or 636 are blocked, the affected systems can no longer accept external connections using SSL or LDAPS.


Systems Affected
VendorStatusDate Updated
Microsoft CorporationVulnerable14-Apr-2004

References


http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx

Credit

Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, credits John Lampe of Tenable Network Security for reporting this issue to them.

This document was written by Chad R Dougherty based on information provided in Microsoft Security Bulletin MS04-011.

Other Information

Date Public04/13/2004
Date First Published04/14/2004 11:47:10 AM
Date Last Updated04/14/2004
CERT Advisory 
CVE-ID(s)CAN-2004-0120
NVD-ID(s)CAN-2004-0120
US-CERT Technical Alerts 
Metric6.48
Document Revision4

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2004 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader