Threat Encyclopedia

OpenSSL.Get.Shared.Ciphers.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in OpenSSL.
The vulnerability is caused by errors in the "SSL_get_shared_ciphers()" function. An attacker who can supply a specially crafted list of ciphers can execute code in the context of the application that uses the vulnerable function.

Affected Products

OpenSSL 0.9.7 before 0.9.7l
OpenSSL 0.9.8 before 0.9.8d, and earlier versions.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to OpenSSL 0.9.8d or 0.9.7l, or to the most recent version.
http://www.openssl.org/

CVE References

CVE-2007-5135
CVE-2006-3738