virus logo Intrusion Prevention

SSLv2.Get.Shared.Ciphers.Overflow

description-logoDescription

This indicates an attack attempt against a buffer-overflow vulnerability in OpenSSL.
The vulnerability is in the "SSL_get_shared_ciphers" function. It allows a remote attacker to execute arbitrary code via sending a crafted SSL Handshake packet.

affected-products-logoAffected Products

OpenSSL Project OpenSSL 0.9.8 e
OpenSSL Project OpenSSL 0.9.8 d
OpenSSL Project OpenSSL 0.9.8 c
OpenSSL Project OpenSSL 0.9.8 b
OpenSSL Project OpenSSL 0.9.8 a
OpenSSL Project OpenSSL 0.9.8
OpenSSL Project OpenSSL 0.9.7 m
OpenSSL Project OpenSSL 0.9.7 l
OpenSSL Project OpenSSL 0.9.7 k
OpenSSL Project OpenSSL 0.9.7 j
OpenSSL Project OpenSSL 0.9.7 i
OpenSSL Project OpenSSL 0.9.7 h
OpenSSL Project OpenSSL 0.9.7 g
OpenSSL Project OpenSSL 0.9.7 f
OpenSSL Project OpenSSL 0.9.7 e
OpenSSL Project OpenSSL 0.9.7 d
OpenSSL Project OpenSSL 0.9.7 c
OpenSSL Project OpenSSL 0.9.7 beta3
OpenSSL Project OpenSSL 0.9.7 beta2
OpenSSL Project OpenSSL 0.9.7 beta1
OpenSSL Project OpenSSL 0.9.7 b
OpenSSL Project OpenSSL 0.9.7 a
OpenSSL Project OpenSSL 0.9.7

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to the latest version, available from the following web site:
http://www.openssl.org/source/openssl-0.9.8f.tar.gz

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 15023
Created Dec 13, 2007
Updated Nov 15, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2007-5135
Exploit Prediction Score 57.57%
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App Other