ssldump SSLv2 "challenge" memory corruption
| ssldump-sslv2-memory-corruption (10087) |  High Risk |
Description:
The ssldump utility is vulnerable to a memory corruption condition, caused by improper bounds checking of the SSLv2 "challenge" value in SSLv2 messages. If a remote attacker sends an SSLv2 message with a "challenge" value that is less than 32 bytes, the attacker could corrupt buffer memory and execute arbitrary code on the victim's system.
Platforms Affected:
- Eric Rescorla, ssldump 0.9b2 and prior
- FreeBSD, FreeBSD
Remedy:
Upgrade to the latest version of ssldump (0.9b3 or later), available from the ssldump home page. See References.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Wed Sep 11 2002 - 10:04:09 CDT, Buffer over/underflows in ssldump prior to 0.9b3 at http://archives.neohapsis.com/archives/bugtraq/2002-09/0101.html.
- ssldump home page, ssldump at http://www.rtfm.com/ssldump/.
- BID-5693: ssldump SSLv2 Challenge Buffer Underflow Vulnerability
- CVE-2002-2227: Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.
Reported:
Sep 11, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net