Peaches Posted January 22, 2011 Report Share Posted January 22, 2011 Quote Iconfidant SSL Server Key Exchange Buffer Overflow Vulnerability Highly critical DescriptionA vulnerability has been reported in Iconfidant SSL, which can be exploited by malicious people to compromise a vulnerable system.The vulnerability is caused due to a boundary error in the key exchange functionality of the server, which can be exploited to cause a stack-based buffer overflow via a specially crafted client master key packet sent to the server.Successful exploitation may allow execution of arbitrary code.The vulnerability is reported in versions prior to 1.3.0. SolutionUpdate to version 1.3.0 or later. Provided and/or discovered byAn anonymous person via ZDI.Original AdvisoryZDI:http://www.zerodayin...ies/ZDI-11-021/ http://secunia.com/advisories/42971/ Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.