Summary:
The SSL_get_shared_ciphers() function in OpenSSL contains an
off-by-one overflow.
Impact:
A client can send a specially prepared list of ciphers to an
application using the SSL_get_shared_ciphers() function from
the OpenSSL library, potentially resulting in remote code
execution.
Fix:
A fix has been committed to OpenBSD-current. Patches are
available for OpenBSD 4.2, 4.1 and 4.0.
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/002_openssl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.1/common/011_openssl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/017_openssl.patch
Credits:
The bug was found and fixed by Moritz Jodeit (moritz@).
Original Adivsory:
<
http://www.securityfocus.com/archive/1/480855/30/0/threaded>