[openssl] off-by-one buffer overflow

Bug #146270 reported by disabled.user
Affects: openssl (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: openssl

Quote from [1]:

"Application details:

OpenSSL is a widely used open source implementation of the
SSL v2/v3 and TLS v1 protocols.

Vulnerability description:

OpenSSL 0.9.7l and 0.9.8d fixed a buffer overflow found in
the SSL_get_shared_ciphers() function reported by Tavis
Ormandy and Will Drewry of the Google Security Team.

Although this fix prevented the unlimited overflow of the
buffer, it still allowed an off-by-one buffer overflow to
happen, which could potentially still result in remote code
execution."

References:
[1] http://www.securityfocus.com/archive/1/480855/30/0/threaded
[2] http://cvs.openssl.org/chngview?cn=16587
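
An added illustration of the bug class the quoted advisory describes, not OpenSSL's code and not part of the original report: a constructed routine that joins names with ':' into a fixed buffer and can write its terminating NUL one byte past the end, shown beside a bounded version. All function names and the sample input are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Flawed (constructed): once ':' takes the last byte, the NUL lands at buf[len]. */
char *join_names_unsafe(const char *const *names, size_t count, char *buf, int len)
{
    char *p = buf;
    if (count == 0 || len < 2) return NULL;
    for (size_t i = 0; i < count; i++) {
        len--;                              /* charged for ':' or '\0' */
        for (const char *cp = names[i]; *cp; ) {
            if (len-- <= 0) {
                *p = '\0';                  /* p may already equal buf + len */
                return buf;
            }
            *p++ = *cp++;
        }
        *p++ = ':';
    }
    p[-1] = '\0';
    return buf;
}

/* Bounded: truncates at a whole name and always terminates inside buf[0..len-1]. */
char *join_names_safe(const char *const *names, size_t count, char *buf, size_t len)
{
    size_t used = 0;
    if (buf == NULL || len == 0) return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t n = strlen(names[i]);
        size_t sep = (used > 0) ? 1 : 0;
        if (n + sep >= len - used) break;   /* need n + sep bytes plus the NUL */
        if (sep) buf[used++] = ':';
        memcpy(buf + used, names[i], n);
        used += n;
    }
    buf[used] = '\0';
    return buf;
}

/* Joins into a 4-byte buffer followed by a guard byte; returns 1 if the guard survived. */
int guard_intact(int use_safe)
{
    static const char *const names[] = { "ABC", "D" };  /* constructed input */
    char arena[8];                          /* arena[4] is the guard byte */
    memset(arena, 0x7f, sizeof arena);
    if (use_safe) join_names_safe(names, 2, arena, 4); else join_names_unsafe(names, 2, arena, 4);
    return arena[4] == 0x7f;
}
```

A guard byte placed directly after the destination, as in `guard_intact`, is a cheap regression check for this class of one-byte overrun.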

This report contains Public Security information  
Everyone can see this security related information.