Iconfidant SSL Server Key Exchange Buffer Overflow Vulnerability


Recommended Posts

  Quote
Iconfidant SSL Server Key Exchange Buffer Overflow Vulnerability

Highly critical

Description

A vulnerability has been reported in Iconfidant SSL, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the key exchange functionality of the server, which can be exploited to cause a stack-based buffer overflow via a specially crafted client master key packet sent to the server.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 1.3.0.

Solution

Update to version 1.3.0 or later.

Provided and/or discovered by

An anonymous person via ZDI.

Original Advisory

ZDI:

http://www.zerodayin...ies/ZDI-11-021/

http://secunia.com/advisories/42971/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.