Intrusion Prevention

OpenSSL.SSLv3.Client.SessionID.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer overflow vulnerability in OpenSSL. Certain versions of OpenSSL contain two vulnerabilities that could lead to buffer overflows. A remote attacker could provide a large client master key or a large session ID in SSL3, causing a buffer overflow. As a result, the attacker may be able to execute arbitrary code on the system.
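A detection-side check for the SSL3 session ID case described above, as an added example that is not part of the original advisory or of any vendor's signature: it parses one handshake record and flags a hello message whose session ID length byte exceeds the 32 bytes that the SSLv3 SessionID field allows. The function names, verdict strings and sample records are constructed for illustration.

```python
import struct

MAX_SESSION_ID = 32          # SSLv3 defines SessionID as opaque<0..32>
HANDSHAKE = 22               # record-layer content type for handshake messages
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}


def check_session_id(record: bytes) -> str:
    """Classify one SSLv3 record: 'ok', 'oversized', 'not_hello' or 'truncated'."""
    if len(record) < 5:
        return "truncated"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != HANDSHAKE or (major, minor) != (3, 0):
        return "not_hello"
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4:
        return "truncated"
    if body[0] not in HELLO_TYPES:
        return "not_hello"
    # Handshake header is 4 bytes (type + 24-bit length); the hello body then
    # carries version (2 bytes) and random (32 bytes) before the session ID.
    sid_len_off = 4 + 2 + 32
    if len(body) <= sid_len_off:
        return "truncated"
    sid_len = body[sid_len_off]
    if sid_len > MAX_SESSION_ID:
        return "oversized"   # the length byte alone is enough to flag
    if len(body) < sid_len_off + 1 + sid_len:
        return "truncated"
    return "ok"


def build_hello(msg_type: int, sid_len: int) -> bytes:
    """Constructed sample record: zero-filled random and session ID,
    fields after the session ID omitted."""
    hello = b"\x03\x00" + bytes(32) + bytes([sid_len]) + bytes(sid_len)
    hs = bytes([msg_type]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BBBH", HANDSHAKE, 3, 0, len(hs)) + hs


if __name__ == "__main__":
    for sid_len in (0, 32, 33, 255):
        print(sid_len, check_session_id(build_hello(2, sid_len)))
```

The check looks only at the declared length, so it flags the message before any session ID bytes would need to be copied.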

Affected Products

OpenSSL 0.9.7 beta2 and earlier

Impact

Compromise of the affected system or denial of service

Recommended Actions

Upgrade OpenSSL to version 0.9.6e or 0.9.7 beta3 or newer.

CVE References

CVE-2002-0656