SSLv2.Openssl.Get.Shared.Ciphers.Overflow.Attempt
Description
This indicates an attempt to exploit a buffer-overflow vulnerability in the SSL_get_shared_ciphers() function in OpenSSL.
An attacker with the ability to supply a specially crafted list of ciphers can execute code in the context of an application using the vulnerable function.
Affected Products
OpenSSL 0.9.7 before 0.9.7l
OpenSSL 0.9.8 before 0.9.8d, and earlier versions.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to at least OpenSSL 0.9.8d or 0.9.7l.
http://www.openssl.org/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |