SSL: OpenSSL KEY_ARG Buffer Overflow (2)
This signature detects plaintext commands over an SSL connection after an OpenSSL implementation is successfully exploited. OpenSSL 0.9.6d and earlier versions are vulnerable. Attackers can exploit a buffer overflow condition in the KEY_ARG parameter to execute arbitrary code on the target host.
Extended Description
A buffer-overflow vulnerability has been reported in some versions of OpenSSL. The issue occurs in the handling of the client key value during the negotiation of the SSLv2 protocol. A malicious client may be able to exploit this vulnerability to execute arbitrary code as the vulnerable server process or possibly to create a denial-of-service condition. ***UPDATE: A worm that likely exploits this vulnerability has been discovered propagating in the wild. Additionally, this code includes peer-to-peer and distributed denial-of-service capabilities. There have been numerous reports of intrusions in Europe. It is not yet confirmed whether this vulnerability is in OpenSSL, mod_ssl, or another component. Administrators are advised to upgrade to the most recent versions or to disable Apache, if possible, until more information is available.
Affected Products
Sonicwall ssl-r6,Hp tcp/ip_services_for_openvms,Openssl_project openssl
Short Name
SSL:OVERFLOW:SSL-KEY_ARG2
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
SSL
Keywords
(2) Buffer CVE-2002-0656 KEY_ARG OpenSSL Overflow bid:5363
Release Date
12/11/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Apache_software_foundation
Secure_computing
Cisco
Apple
Gentoo
Juniper_networks
Hp
Ibm
Rsa_security
Sonicwall
Novell
Oracle
Covalent
Openssl_project
CVSS Score
7.5