|
|
|
 |
Vulnerability Note VU#258555OpenSSL clients contain a buffer overflow during the SSL3 handshake processOverviewOpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL clients that could lead to the execution of arbitrary code on the client's system.I. DescriptionOpenSSL clients using SSLv3 prior to version 0.9.6e and pre-release version 0.9.7-beta2 contain a buffer overflow vulnerability. A malicious server can exploit this by sending a large session ID to the client during the handshake process.II. ImpactA remote attacker may be able to execute arbitrary code on the client system with the privileges of the current user.III. SolutionApply the relevant patches to the OpenSSL client or upgrade to OpenSSL 0.9.6e. Note that applications statically linking to OpenSSL libraries may need to be recompiled with the corrected version of OpenSSL.Systems Affected
Referenceshttp://www.kb.cert.org/vuls/id/102795 Thanks to A.L. Digital Ltd for discovering and reporting on this vulnerability. This document was written by Jason A Rafail and Jeffrey S. Havrilla.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Get Adobe Reader