OpenSSL.SSLv2.Malformed.Client.Key.Buffer.Overflow

Description

This indicates an attempt to exploit a buffer-overflow vulnerability in OpenSSL.
Due to poor handling of the client key value during the negotiation of the SSLv2 protocol, a malicious client may be able to execute arbitrary code as the vulnerable server process, or possibly cause a denial of service (DoS).

Affected Products

OpenSSL 0.9.6d and earlier
OpenSSL 0.9.7-beta2 and earlier

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to OpenSSL version 0.9.6e or later. Recompile all applications using OpenSSL to provide SSL or TLS.
Apply the patch for 0.9.7, available from the OpenSSL website:
http://www.openssl.org
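
To find hosts that still need the upgrade, the affected ranges listed above can be checked against collected version strings. The following is an added example, not code from this page's vendor or from the OpenSSL project; the function names and the sample banners are constructed for illustration. It compares only the reported version, so a 0.9.7 beta build that received the patch without a version change will still be flagged, and applications that bundle their own copy of OpenSSL must be checked separately.

```python
import re

# Legacy OpenSSL version strings: "0.9.6d" (letter = patch release) and
# "0.9.7-beta2" (pre-release, which sorts before the plain "0.9.7" release).
_VERSION = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?:-beta(\d+))?([a-z]?)(?![\w-])"
)


def version_key(text):
    """Return a sortable key for the first OpenSSL version found in text."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError(f"no recognisable OpenSSL version in {text!r}")
    major, minor, fix, beta, letter = m.groups()
    # stage 0 = beta (ordered by beta number), stage 1 = release.
    stage, beta_no = (0, int(beta)) if beta else (1, 0)
    return (int(major), int(minor), int(fix), stage, beta_no, letter)


# Upper bounds taken from the "Affected Products" list on this page.
LAST_AFFECTED_096 = version_key("0.9.6d")
LAST_AFFECTED_097 = version_key("0.9.7-beta2")


def is_affected(text):
    """True if the version in text falls in a range this page lists as affected."""
    key = version_key(text)
    if key[:3] == (0, 9, 7):
        return key <= LAST_AFFECTED_097
    # "0.9.6d and earlier" also covers every older branch (0.9.5, 0.9.4, ...).
    return key <= LAST_AFFECTED_096


if __name__ == "__main__":
    # Constructed inventory: hostname -> version banner (not real hosts).
    inventory = {
        "web-01": "OpenSSL 0.9.6b 9 Jul 2001",
        "web-02": "OpenSSL 0.9.6e",
        "lab-01": "OpenSSL 0.9.7-beta2",
        "lab-02": "OpenSSL 0.9.7",
    }
    for host, banner in inventory.items():
        status = "UPGRADE REQUIRED" if is_affected(banner) else "ok"
        print(f"{host:8} {banner:28} {status}")
```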

Coverage

IPS (Regular DB)
IPS (Extended DB)