Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2007-4995
Last Modified 30 Aug 2011 12:00:00
Published 12 Oct 2007 09:17:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4995

Summary

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

Vulnerable Systems

Application

  • OpenSSL 0.9.8
  • OpenSSL 0.9.8a
  • OpenSSL 0.9.8b
  • OpenSSL 0.9.8c
  • OpenSSL 0.9.8d
  • OpenSSL 0.9.8e


References

CONFIRM - http://www.openssl.org/news/secadv_20071012.txt

FEDORA - FEDORA-2007-725

XF - openssl-dtls-code-execution(37185)

VUPEN - ADV-2008-1937

VUPEN - ADV-2007-4219

VUPEN - ADV-2007-3487

UBUNTU - USN-534-1

BID - 26055

BUGTRAQ - 20071012 OpenSSL Security Advisory

REDHAT - RHSA-2007:0964

MANDRIVA - MDKSA-2007:237

GENTOO - GLSA-200805-07

DEBIAN - DSA-1571

MISC - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962

SECTRACK - 1018810

GENTOO - GLSA-200710-30

SECUNIA - 30852

SECUNIA - 30220

SECUNIA - 30161

SECUNIA - 28084

SECUNIA - 27933

SECUNIA - 27434

SECUNIA - 27363

SECUNIA - 27271

SECUNIA - 27217

SECUNIA - 27205

SECUNIA - 25878

SUSE - SUSE-SR:2007:021

HP - SSRT071504

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=195634

HP - HPSBUX02296

Related Patches

Novell SUSE 2007:4559 openssl security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:47:26