OpenSSL.SSLv2.Malformed.Client.Key.Buffer.Overflow
Description
This indicates an attempt to exploit a buffer-overflow vulnerability in OpenSSL.
Because the client key value is handled poorly during SSLv2 negotiation, a malicious client may be able to execute arbitrary code as the vulnerable server process, or possibly cause a denial of service (DoS).
Affected Products
OpenSSL 0.9.6d and earlier
OpenSSL 0.9.7-beta2 and earlier
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to OpenSSL version 0.9.6e or later. Recompile all applications using OpenSSL to provide SSL or TLS.
Apply the patch for 0.9.7, available from the OpenSSL website: http://www.openssl.org
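As an added example (not part of the original advisory or of OpenSSL), the following Python check classifies a version string, such as the output of `openssl version`, against the affected ranges listed above. The function names, the version grammar in the regular expression, the rule that a beta sorts before its release, and the sample strings are assumptions made for illustration.

```python
import re

# Assumed grammar for legacy OpenSSL version strings: MAJOR.MINOR.FIX,
# optional patch letter(s), optional "-betaN" pre-release tag.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")

# Upper bounds taken from the "Affected Products" list on this page.
_LAST_AFFECTED_RELEASE = (0, 9, 6, 1, "d")  # 0.9.6d and earlier
_LAST_AFFECTED_097_BETA = 2                 # 0.9.7-beta2 and earlier


def version_key(text):
    """Return a sortable key for the first OpenSSL version found in text.

    Key layout: (major, minor, fix, is_release, rank). A beta gets
    is_release=0 so it sorts before the release with the same number
    (assumed ordering); rank is the beta number or the patch letter(s).
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no OpenSSL version found in {text!r}")
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(5) is not None:
        return (major, minor, fix, 0, int(m.group(5)))
    return (major, minor, fix, 1, m.group(4))


def is_affected(text):
    """True if the version falls in a range this page lists as affected."""
    key = version_key(text)
    if key[:4] == (0, 9, 7, 0):
        # 0.9.7 pre-releases: only beta2 and earlier are listed.
        return key[4] <= _LAST_AFFECTED_097_BETA
    # Everything else: compare against the last affected release, 0.9.6d.
    return key <= _LAST_AFFECTED_RELEASE


if __name__ == "__main__":
    # Constructed sample strings, not captured from real systems.
    samples = ["OpenSSL 0.9.6d", "OpenSSL 0.9.6e", "OpenSSL 0.9.7-beta2",
               "OpenSSL 0.9.7-beta3", "OpenSSL 1.1.1k"]
    for s in samples:
        print(f"{s:22} affected={is_affected(s)}")
```

A version string reflects only the library that was queried; applications that were statically linked against an older OpenSSL still need the recompile recommended above.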
Coverage
IPS (Regular DB)
IPS (Extended DB)