CVE-2002-0656

Severity

75%

Complexity

99%

Confidentiality

106%

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 22 years ago

2002-08-12 04:00:00

Last updated 16 years ago

2008-09-10 19:12:00

Affected Software

OpenSSL Project OpenSSL 0.9.1c

0.9.1c

OpenSSL Project OpenSSL 0.9.2b

0.9.2b

OpenSSL Project OpenSSL 0.9.3

0.9.3

OpenSSL Project OpenSSL 0.9.4

0.9.4

OpenSSL Project OpenSSL 0.9.5

0.9.5

OpenSSL Project OpenSSL 0.9.5a

0.9.5a

OpenSSL Project OpenSSL 0.9.6

0.9.6

OpenSSL Project OpenSSL 0.9.6a

0.9.6a

OpenSSL Project OpenSSL 0.9.6b

0.9.6b

OpenSSL Project OpenSSL 0.9.6c

0.9.6c

OpenSSL Project OpenSSL 0.9.6d

0.9.6d

OpenSSL Project OpenSSL 0.9.7 beta1

0.9.7

OpenSSL Project OpenSSL 0.9.7 beta2

0.9.7

Oracle Application Server

Oracle Application Server 9i 1.0.2

1.0.2

Oracle Application Server 9i 1.0.2.1s

1.0.2.1s

Oracle Application Server 9i 1.0.2.2

1.0.2.2

Oracle CorporateTime Outlook Connector 3.1

3.1

Oracle CorporateTime Outlook Connector 3.1.1

3.1.1

Oracle CorporateTime Outlook Connector 3.1.2

3.1.2

Oracle CorporateTime Outlook Connector 3.3

3.3

Oracle HTTP Server 9.0.1

9.0.1

Oracle HTTP Server 9.2.0

9.2.0

Apple Mac OS X 10.0

10.0

Apple Mac OS X 10.0.1

10.0.1

Apple Mac OS X 10.0.2

10.0.2

Apple Mac OS X 10.0.3

10.0.3

Apple Mac OS X 10.0.4

10.0.4

Apple Mac OS X 10.1

10.1

Apple Mac OS X 10.1.1

10.1.1

Apple Mac OS X 10.1.2

10.1.2

Apple Mac OS X 10.1.3

10.1.3

Apple Mac OS X 10.1.4

10.1.4

Apple Mac OS X 10.1.5

10.1.5

References

CSSA-2002-033.0

CSSA-2002-033.1

FreeBSD-SA-02:33

CLA-2002:513

CA-2002-23

US Government Resource

openssl-ssl2-masterkey-bo(9714)

openssl-ssl3-sessionid-bo(9716)

VU#102795

US Government Resource

VU#258555

US Government Resource

MDKSA-2002:046

5362

5363

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.