Intrusion Prevention

OpenSSL.Ssl3_get_key_exchange.Memory.Corruption

Description

This indicates an attack attempt against a memory-corruption vulnerability in OpenSSL library.
The vulnerability is caused by an error when the ssl3_get_key_exchange function handles a specially crafted server key exchange message. It allows a remote attacker to execute arbitrary code.

Affected Products

OpenSSL version 1.0.0a and prior

Impact

System compromise: Remote attackers can gain control of vulnerable systems.
Denial of service

Recommended Actions

Currently we are not aware of any patches supplied by the vendor for this issue.

CVE References

CVE-2010-2939