A vulnerability in the Microsoft Secure Sockets Layer library could allow a remote attacker to cause a denial-of-service condition on an affected system.
The Secure Sockets Layer (SSL) protocol is commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP, and others. The Microsoft Secure Sockets Layer library contains support for SSL and a number of other secure communication protocols.
A flaw exists in the process used by the SSL Library to check message inputs, specifically in the handling of some malformed SSL messages. This flaw results in a vulnerability that could allow a remote attacker to cause a denial-of-service condition on the affected system. An attacker with the ability to send a specially crafted malformed messages to an SSL-enabled service or program could exploit this vulnerability. Microsoft provides the following description of configurations that are vulnerable:
All systems that have SSL enabled are vulnerable. Although SSL is generally associated with Internet Information Services by using HTTPS and port 443, any service that implements SSL on an affected platform is likely to be vulnerable. This includes but is not limited to Internet Information Services 4.0, Internet Information Services 5.0, Internet Information Services 5.1, Exchange Server 5.5, Exchange Server 2000, Exchange Server 2003, Analysis Services 2000 (included with SQL Server 2000), and any third-party programs that use SSL.
Windows 2000 domain controllers that are installed in an Active Directory domain that also has an Enterprise Root certification authority installed are affected by this vulnerability because they automatically listen for secure SSL connections.
A remote attacker could cause the affected system to stop accepting SSL connections (for systems running Windows 2000 and Windows XP) or automatically restart (for systems running Windows Server 2003).
Apply a patch from the vendor
Impact of Workaround: If ports 443 or 636 are blocked, the affected systems can no longer accept external connections using SSL or LDAPS.
Thanks to Microsoft Security for reporting this vulnerability. Microsoft, in turn, credits John Lampe of Tenable Network Security for reporting this issue to them.
This document was written by Chad R Dougherty based on information provided in Microsoft Security Bulletin MS04-011.
|Date First Published:||2004-04-14|
|Date Last Updated:||2004-04-14 15:47 UTC|