|
|
| |
|
| |
OpenSSL remotely-exploitable buffer overflow vulnerabilities
| Package(s): | OpenSSL |
CVE #(s): | CAN-2002-0655
CAN-2002-0656
CAN-2002-0657
CAN-2002-0659
|
| Created: | July 30, 2002 |
Updated: | September 24, 2002 |
| Description: |
Four remotely-exploitable buffer overflows were found in OpenSSL versions 0.9.7 and 0.9.6d and earlier by a DARPA sponsored security audit.
Both client and server applications are affected.
The vulnerabilities are described in this security alert from the OpenSSL team.
A nasty exploit for one of the vulnerabilities is described in
CERT Advisory CA-2002-27 Apache/mod_ssl Worm.
Compromise by the Apache/mod_ssl worm indicates that a remote attacker
can execute arbitrary code as the apache user on the victim system. It
may be possible for an attacker to subsequently leverage a local
privilege escalation exploit in order to gain root access to the
victim system. Furthermore, the DDoS capabilities included in the
Apache/mod_ssl worm allow victim systems to be used as platforms to
attack other systems.
If you haven't already, applying an update is a very good thing
to do today.
Mitel Networks has an update available which
closes this vulnerabilty for their SME Server software.
CERT Advisory CA-2002-23 Multiple Vulnerabilities In OpenSSL |
| Alerts: |
|
( Log in to post comments)
|
|
|