OpenSSL.ECDH.Use.After.Free.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a remote Code Execution vulnerability in OpenSSL.
The vulnerability is due to an error when handling out of order handshaking messages. An attacker can exploit this by sending a maliciously crafted handshaking message sequence. As a result it may be possible to execute arbitrary code within the context of the application.
Affected Products
OpenSSL Project OpenSSL version 0.9.8 to 0.9.8s
OpenSSL Project OpenSSL version 1.0.0 to 1.0.0d
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version available from the website.
http://www.openssl.org/source/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |