Intrusion PreventionOpenSSL.Get.Shared.Ciphers.Buffer.Overflow
Description
This indicates an attempt to exploit a Buffer Overflow vulnerability in OpenSSL.
The vulnerability is a result of errors in the "SSL_get_shared_ciphers()" function. An attacker with the ability to supply a specially crafted list of ciphers can execute code in the context of the application using the vulnerable function.
Affected Products
OpenSSL 0.9.7 before 0.9.7l
OpenSSL 0.9.8 before 0.9.8d, and earlier versions.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to OpenSSL 0.9.8d or 0.9.7l, or to the most recent version.
http://www.openssl.org/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-11-22 | 15.729 | Name:Openssl. Get. Shared. Ciphers. Buffer. Overflow:OpenSSL. Get. Shared. Ciphers. Buffer. Overflow |
| 2019-05-23 | 14.619 | Sig Added |
| ID | 28078 |
| Created | Jul 26, 2011 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2007-5135 CVE-2006-3738 |
| Exploit Prediction Score | 96.41% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS, Other |
| Affected App | Other |