Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5135

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5135
Last Modified 29 Aug 2011 12:00:00
Published 27 Sep 2007 04:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5135

Summary

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Vulnerable Systems

Application

  • Openssl 0.9.7

  • Openssl 0.9.7a

  • Openssl 0.9.7b

  • Openssl 0.9.7c

  • Openssl 0.9.7d

  • Openssl 0.9.7e

  • Openssl 0.9.7f

  • Openssl 0.9.7g

  • Openssl 0.9.7h

  • Openssl 0.9.7i

  • Openssl 0.9.7j

  • Openssl 0.9.7k

  • Openssl 0.9.7l

  • Openssl 0.9.8

  • Openssl 0.9.8a

  • Openssl 0.9.8b

  • Openssl 0.9.8c

  • Openssl 0.9.8d

  • Openssl 0.9.8e

  • Openssl 0.9.8f


References

FEDORA - FEDORA-2007-725

CONFIRM - https://issues.rpath.com/browse/RPL-1770

CONFIRM - https://issues.rpath.com/browse/RPL-1769

MISC - https://bugs.gentoo.org/show_bug.cgi?id=194039

XF - openssl-sslgetshared-bo(36837)

CONFIRM - http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038

CONFIRM - http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037

VUPEN - ADV-2008-2362

VUPEN - ADV-2008-2361

VUPEN - ADV-2008-2268

VUPEN - ADV-2008-0064

VUPEN - ADV-2007-4144

VUPEN - ADV-2007-4042

VUPEN - ADV-2007-3625

VUPEN - ADV-2007-3325

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0013.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0001.html

UBUNTU - USN-522-1

SECTRACK - 1018755

BID - 25831

BUGTRAQ - 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

BUGTRAQ - 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

HP - HPSBUX02292

HP - SSRT071499

BUGTRAQ - 20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

BUGTRAQ - 20071003 FLEA-2007-0058-1 openssl openssl-scripts

BUGTRAQ - 20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

BUGTRAQ - 20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

REDHAT - RHSA-2007:1003

REDHAT - RHSA-2007:0964

REDHAT - RHSA-2007:0813

CONFIRM - http://www.openssl.org/news/secadv_20071012.txt

OPENBSD - [4.2] 002: SECURITY FIX: October 10, 2007

OPENBSD - [4.1] 011: SECURITY FIX: October 10, 2007

OPENBSD - [4.0] 017: SECURITY FIX: October 10, 2007

SUSE - SUSE-SR:2007:020

MANDRIVA - MDKSA-2007:193

DEBIAN - DSA-1379

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm

SUNALERT - 103130

SREASON - 3179

GENTOO - GLSA-200710-06

FREEBSD - FreeBSD-SA-07:08

SECUNIA - 31489

SECUNIA - 31467

SECUNIA - 31326

SECUNIA - 31308

SECUNIA - 28368

SECUNIA - 27961

SECUNIA - 27870

SECUNIA - 27851

SECUNIA - 27394

SECUNIA - 27330

SECUNIA - 27229

SECUNIA - 27217

SECUNIA - 27205

SECUNIA - 27186

SECUNIA - 27097

SECUNIA - 27078

SECUNIA - 27051

SECUNIA - 27031

SECUNIA - 27021

SECUNIA - 27012

SECUNIA - 22130

MLIST - [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

APPLE - APPLE-SA-2008-07-31

GENTOO - GLSA-200805-07

SUNALERT - 200858

SECUNIA - 30161

SECUNIA - 30124

SECUNIA - 29242

SUSE - SUSE-SR:2008:005

NETBSD - NetBSD-SA2008-007

Related Patches

Apple 2008-07-31 Security Update 2008-005 (PPC)

Apple 2008-07-31 Security Update 2008-005 Server (PPC)

Apple 2008-07-31 Security Update 2008-005 (Leopard)

Apple 2008-07-31 Security Update 2008-005 (Intel)

Apple 2008-07-31 Security Update 2008-005 Server (Intel)

Novell SUSE 2008:5055 compat-openssl097g security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:05