| Field | Value |
|---|---|
| Release Date | Dec 24, 2011 |
| Severity | high |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a buffer-overflow vulnerability in OpenSSL. Due to poor handling of the client key value during the negotiation of the SSLv2 protocol, a malicious client may be able to execute arbitrary code as the vulnerable server process, or possibly cause a denial-of-service (DoS) attack. |
| Affected Products | OpenSSL 0.9.6d and earlier; OpenSSL 0.9.7-beta2 and earlier |
| Recommended Actions | Upgrade to OpenSSL version 0.9.6e or later. Recompile all applications using OpenSSL to provide SSL or TLS. Apply the patch for 0.9.7, available from the OpenSSL website: http://www.openssl.org |
| Coverage | IPS, VCM |
| Common Vulnerabilities and Exposures (CVE) | CVE-2002-0656 |
| Reference/s | http://www.securityfocus.com/bid/5363 (BugTraq); http://www.cert.org/advisories/CA-2002-23.html |
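The affected-version ranges above are awkward to check by hand because OpenSSL 0.9.x releases carry letter suffixes (0.9.6d, 0.9.6e) and pre-release tags (0.9.7-beta2), and the fixed build 0.9.6e sorts between the two stated upper bounds. The following helper is an added example, not part of this advisory or of Fortinet's or OpenSSL's code; it assumes version strings in the `major.minor.patch[letter][-betaN]` form shown on this page and encodes only the two ranges the advisory states, so an inventory script can flag installs that still need the 0.9.6e upgrade or the 0.9.7 patch.

```python
import re

# Inclusive upper bounds of the affected ranges, exactly as stated in the advisory.
AFFECTED_UPPER = ("0.9.6d", "0.9.7-beta2")

# Assumed version-string grammar: "0.9.6d", "0.9.7-beta2", "0.9.8zh", "1.0.2".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")


def parse_openssl_version(version):
    """Return a sortable tuple for an OpenSSL version string.

    Ordering rules encoded here:
      * a beta sorts before its final release: 0.9.7-beta2 < 0.9.7
      * a letter patch release sorts after the base release: 0.9.6 < 0.9.6a < 0.9.6d
      * multi-letter suffixes sort after single letters: 0.9.8z < 0.9.8za
    """
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError("unrecognised OpenSSL version string: %r" % version)
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    letters, beta = m.group(4), m.group(5)
    # Base-26 rank so that "" < "a" < ... < "z" < "za" < "zh".
    letter_rank = 0
    for ch in letters:
        letter_rank = letter_rank * 26 + (ord(ch) - ord("a") + 1)
    # (0, n) for beta n, (1, 0) for a final release, so betas sort first.
    pre_rank = (0, int(beta)) if beta is not None else (1, 0)
    return (major, minor, patch, pre_rank, letter_rank)


def is_affected(version):
    """True if `version` falls inside an affected range from the advisory.

    Versions on a branch with a stated upper bound (0.9.6.x, 0.9.7.x) are
    compared against that bound; branches older than 0.9.6 are covered by
    "0.9.6d and earlier"; branches newer than 0.9.7 are outside both ranges.
    """
    parsed = parse_openssl_version(version)
    branch = parsed[:3]
    bounds = [parse_openssl_version(u) for u in AFFECTED_UPPER]
    for upper in bounds:
        if branch == upper[:3]:
            return parsed <= upper
    oldest_branch = min(u[:3] for u in bounds)
    return branch < oldest_branch


def triage(versions):
    """Map each inventoried version string to an affected/not-affected verdict."""
    return {v: is_affected(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = ["0.9.6d", "0.9.6e", "0.9.7-beta2", "0.9.7", "0.9.5a", "1.0.2"]
    for v, hit in triage(sample).items():
        print("%-12s %s" % (v, "AFFECTED" if hit else "ok"))
```

The per-branch comparison matters: a naive "less than or equal to 0.9.7-beta2" test would wrongly flag 0.9.6e, which is the very release the advisory tells you to upgrade to.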