{"vuid":"VU#258555","idnumber":"258555","name":"OpenSSL clients contain a buffer overflow during the SSL3 handshake process","keywords":["OpenSSL"],"overview":"OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) protocol. A remotely exploitable vulnerability exists in OpenSSL clients that could lead to the execution of arbitrary code on the client's system.","clean_desc":"OpenSSL clients using SSLv3 prior to version 0.9.6e and pre-release version 0.9.7-beta2 contain a buffer overflow vulnerability. A malicious server can exploit this by sending a large session ID to the client during the handshake process.","impact":"A remote attacker may be able to execute arbitrary code on the client system with the privileges of the current user.","resolution":"Apply the relevant patches to the OpenSSL client or upgrade to OpenSSL 0.9.6e. Note that applications statically linking to OpenSSL libraries may need to be recompiled with the corrected version of OpenSSL.","workarounds":"","sysaffected":"","thanks":"Thanks to A.L. Digital Ltd for discovering and reporting on this vulnerability.","author":"This document was written by Jason A Rafail and Jeffrey S. Havrilla.","public":["http://wp.netscape.com/eng/ssl3/draft302.txt","http://www.securityfocus.com/bid/5362"],"cveids":["CVE-2002-0656"],"certadvisory":"CA-2002-23","uscerttechnicalalert":null,"datecreated":"2002-07-19T18:24:34Z","publicdate":"2002-07-30T00:00:00Z","datefirstpublished":"2002-07-30T14:12:24Z","dateupdated":"2002-09-30T20:50:44Z","revision":38,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"1","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"15","cam_impact":"15","cam_easeofexploitation":"12","cam_attackeraccessrequired":"7","cam_scorecurrent":"3.189375","cam_scorecurrentwidelyknown":"9.9225","cam_scorecurrentwidelyknownexploited":"17.01","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.189375,"vulnote":null}