OpenSSL SSLv3 Session ID Buffer Overflow Vulnerability

OpenSSL is prone to a buffer-overflow vulnerability involving overly long SSLv3 session IDs.

Reportedly, when an oversized SSLv3 session ID is supplied to a client from a malicious server, a buffer may overflow on the remote system. Key memory areas on the vulnerable remote system may be overwritten, and arbitrary code may run as the client process.


Privacy Statement
Copyright 2010, SecurityFocus