ID CVE-2007-4995
Summary Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 0.9.8a
    cpe:2.3:a:openssl:openssl:0.9.8a
  • OpenSSL Project OpenSSL 0.9.8b
    cpe:2.3:a:openssl:openssl:0.9.8b
  • OpenSSL Project OpenSSL 0.9.8c
    cpe:2.3:a:openssl:openssl:0.9.8c
  • OpenSSL Project OpenSSL 0.9.8d
    cpe:2.3:a:openssl:openssl:0.9.8d
  • OpenSSL Project OpenSSL 0.9.8e
    cpe:2.3:a:openssl:openssl:0.9.8e
CVSS
Base: 9.3 (as of 15-10-2007 - 13:54)
Impact:
Exploitability:
CWE CWE-189 (Numeric Errors)
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 79964
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79964
    title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSSL-4559.NASL
    description A buffer overflow in the DTLS implementation of openssl could be exploited by attackers to potentially execute arbitrary code. (CVE-2007-4995)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 29545
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29545
    title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 4559)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBOPENSSL-DEVEL-4560.NASL
    description A buffer overflow in the DTLS implementation of openssl could be exploited by attackers to potentially execute arbitrary code (CVE-2007-4995).
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 27531
    published 2007-10-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27531
    title openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-4560)
  • NASL family Web Servers
    NASL id OPENSSL_0_9_8F.NASL
    description According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.8f. As such, it is affected by the following vulnerabilities : - A local attacker could perform a side-channel attack against the Montgomery multiplication code and retrieve RSA private keys. Note that this has not been exploited outside a laboratory environment. (CVE-2007-3108) - A remote attacker could execute arbitrary code by exploiting an off-by-one error in the DTLS implementation. (CVE-2007-4995)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 17760
    published 2012-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17760
    title OpenSSL < 0.9.8f Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071012_OPENSSL_ON_SL5_X.NASL
    description OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance). The OpenSSL security team discovered a flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified (CVE-2007-5135). Note that this flaw only affects applications making use of DTLS. Scientific Linux does not ship any DTLS client or server applications. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-4995). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Please note that the fix for the DTLS flaw involved an overhaul of the DTLS handshake processing which may introduce incompatibilities if a new client is used with an older server. After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60267
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60267
    title Scientific Linux Security Update : openssl on SL5.x i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200710-30.NASL
    description The remote host is affected by the vulnerability described in GLSA-200710-30 (OpenSSL: Remote execution of arbitrary code) Andy Polyakov reported a vulnerability in the OpenSSL toolkit, that is caused due to an unspecified off-by-one error within the DTLS implementation. Impact : A remote attacker could exploit this issue to execute arbitrary code or cause a Denial of Service. Only clients and servers explicitly using DTLS are affected, systems using SSL and TLS are not. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 27592
    published 2007-10-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27592
    title GLSA-200710-30 : OpenSSL: Remote execution of arbitrary code
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-534-1.NASL
    description Andy Polyakov discovered that the DTLS implementation in OpenSSL was vulnerable. A remote attacker could send a specially crafted connection request to services using DTLS and execute arbitrary code with the service's privileges. There are no known Ubuntu applications that are currently using DTLS. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28140
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28140
    title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : openssl vulnerability (USN-534-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-725.NASL
    description - Fri Oct 12 2007 Tomas Mraz 0.9.8b-15 - fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) - fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27061
    published 2007-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27061
    title Fedora Core 6 : openssl-0.9.8b-15.fc6 (2007-725)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2530.NASL
    description This is an important security update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27777
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27777
    title Fedora 7 : openssl-0.9.8b-15.fc7 (2007-2530)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0964.NASL
    description Updated OpenSSL packages that correct several security issues are now available for Red Hat Enterprise 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance). The OpenSSL security team discovered a flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified (CVE-2007-4995). Note that this flaw only affects applications making use of DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Please note that the fix for the DTLS flaw involved an overhaul of the DTLS handshake processing which may introduce incompatibilities if a new client is used with an older server. After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43658
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43658
    title CentOS 5 : openssl (CESA-2007:0964)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0964.NASL
    description From Red Hat Security Advisory 2007:0964 : Updated OpenSSL packages that correct several security issues are now available for Red Hat Enterprise 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance). The OpenSSL security team discovered a flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified (CVE-2007-4995). Note that this flaw only affects applications making use of DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Please note that the fix for the DTLS flaw involved an overhaul of the DTLS handshake processing which may introduce incompatibilities if a new client is used with an older server. After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67585
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67585
    title Oracle Linux 5 : openssl (ELSA-2007-0964)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-237.NASL
    description A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be exploited by attackers to potentially execute arbitrary code. It is questionable as to whether the DTLS support even worked or is used in any applications; as a result this flaw most likely does not affect most Mandriva users. The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 29234
    published 2007-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29234
    title Mandrake Linux Security Advisory : openssl (MDKSA-2007:237)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0964.NASL
    description Updated OpenSSL packages that correct several security issues are now available for Red Hat Enterprise 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance). The OpenSSL security team discovered a flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified (CVE-2007-4995). Note that this flaw only affects applications making use of DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Please note that the fix for the DTLS flaw involved an overhaul of the DTLS handshake processing which may introduce incompatibilities if a new client is used with an older server. After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 27052
    published 2007-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27052
    title RHEL 5 : openssl (RHSA-2007:0964)
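The advisories above describe the flaw only in outline: a heap overflow in DTLS handshake processing, triggered by out-of-order fragments, fixed by overhauling fragment handling. The following is an added illustration of the bounds checks a DTLS handshake reassembler has to make; it is not OpenSSL's code, not a reconstruction of the actual bug, and does not claim to show where the off-by-one was. The 12-byte fragment header layout (msg_type, length, message_seq, fragment_offset, fragment_length) is the one defined for DTLS handshake messages; the class, function names and the sample fragments are constructed for the example.

```python
"""DTLS handshake fragment parsing and reassembly with the bounds checks a
hardened implementation needs (illustrative example, not OpenSSL code).

DTLS fragments a handshake message across datagrams; each fragment carries
a 12-byte header:
    msg_type(1) length(3) message_seq(2) fragment_offset(3) fragment_length(3)
Fragments may arrive out of order, so the receiver sizes a reassembly buffer
from the declared total `length` and copies each fragment at its offset.
The copy is only safe if fragment_offset + fragment_length <= length and if
every fragment of the same message_seq agrees on msg_type and length.
"""

DTLS_HS_HEADER_LEN = 12


def build_fragment(msg_type, length, message_seq, frag_off, body):
    """Serialize one handshake fragment (used here to construct sample input)."""
    return (bytes([msg_type])
            + length.to_bytes(3, "big")
            + message_seq.to_bytes(2, "big")
            + frag_off.to_bytes(3, "big")
            + len(body).to_bytes(3, "big")
            + body)


def parse_fragment(data):
    """Parse one fragment and enforce the in-bounds check before any copy."""
    if len(data) < DTLS_HS_HEADER_LEN:
        raise ValueError("short handshake header")
    msg_type = data[0]
    length = int.from_bytes(data[1:4], "big")
    message_seq = int.from_bytes(data[4:6], "big")
    frag_off = int.from_bytes(data[6:9], "big")
    frag_len = int.from_bytes(data[9:12], "big")
    body = data[DTLS_HS_HEADER_LEN:DTLS_HS_HEADER_LEN + frag_len]
    if len(body) != frag_len:
        raise ValueError("fragment body shorter than fragment_length")
    # A fragment ending exactly at `length` is legal; one byte past it is not.
    # Checking the start offset instead of the end offset, or using >= here,
    # is the off-by-one class of mistake this kind of code is prone to.
    if frag_off + frag_len > length:
        raise ValueError(
            f"fragment [{frag_off}, {frag_off + frag_len}) exceeds declared "
            f"message length {length}")
    return {"msg_type": msg_type, "length": length, "message_seq": message_seq,
            "frag_off": frag_off, "frag_len": frag_len, "body": body}


class HandshakeReassembler:
    """Reassemble out-of-order fragments, one buffer per message_seq."""

    def __init__(self):
        self._pending = {}

    def add(self, data):
        """Return (msg_type, message) once complete, else None; raise on bad input."""
        frag = parse_fragment(data)
        seq = frag["message_seq"]
        entry = self._pending.get(seq)
        if entry is None:
            entry = {"msg_type": frag["msg_type"], "length": frag["length"],
                     "buf": bytearray(frag["length"]),
                     "have": bytearray(frag["length"])}
            self._pending[seq] = entry
        # The buffer was sized from the first fragment seen. A later fragment
        # that declares a different total length must be rejected, otherwise
        # the per-fragment check above was measured against the wrong size.
        if (frag["msg_type"], frag["length"]) != (entry["msg_type"], entry["length"]):
            raise ValueError("fragment header disagrees with earlier fragments")
        start, end = frag["frag_off"], frag["frag_off"] + frag["frag_len"]
        entry["buf"][start:end] = frag["body"]
        entry["have"][start:end] = b"\x01" * frag["frag_len"]
        if all(entry["have"]):
            del self._pending[seq]
            return entry["msg_type"], bytes(entry["buf"])
        return None


def fragment_accepted(reassembler, data):
    """True if the fragment passes all checks, False if it is rejected."""
    try:
        reassembler.add(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample: a 10-byte message (handshake type 1) in two
    # fragments delivered out of order, then a fragment that would overrun.
    r = HandshakeReassembler()
    print(r.add(build_fragment(1, 10, 0, 5, b"56789")))    # None, waiting
    print(r.add(build_fragment(1, 10, 0, 0, b"01234")))    # (1, b'0123456789')
    print(fragment_accepted(r, build_fragment(1, 10, 1, 8, b"abc")))  # False
```

The two checks worth noting are the end-offset comparison in parse_fragment, which accepts a fragment ending exactly at the declared length and rejects one ending a byte later, and the header-consistency check in add, which stops a second fragment from re-declaring a larger message than the buffer was allocated for.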
oval via4
accepted 2013-04-29T04:04:20.769-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
family unix
id oval:org.mitre.oval:def:10288
status accepted
submitted 2010-07-09T03:56:16-04:00
title Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
version 18
redhat via4
advisories
rhsa
id RHSA-2007:0964
rpms
  • openssl-0:0.9.8b-8.3.el5_0.2
  • openssl-devel-0:0.9.8b-8.3.el5_0.2
  • openssl-perl-0:0.9.8b-8.3.el5_0.2
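The plugin list above contains two different ways of deciding exposure: the "OpenSSL < 0.9.8f" banner check, and the distribution checks keyed on package versions such as the RHEL 5 build openssl-0:0.9.8b-8.3.el5_0.2 listed here. Because Red Hat backported the fix without changing the 0.9.8b version string, the two disagree on a patched RHEL/CentOS 5 host. The code below is an added example (not from OpenSSL, Tenable or Red Hat) that implements both checks so the disagreement is visible; the banner line and package strings it tests are constructed, the fixed EVR is the one listed on this page, and the rpm comparison is a simplified rpmvercmp without tilde or caret handling.

```python
"""Two ways to decide whether a host is exposed to CVE-2007-4995, and why
they can disagree (added example; not code from OpenSSL or any advisory).

1. Upstream version: 0.9.8 through 0.9.8e are affected, 0.9.8f is fixed.
   This is what a banner check does, and it is blind to distro backports.
2. Package EVR: RHSA-2007:0964 fixed RHEL 5 in openssl-0:0.9.8b-8.3.el5_0.2
   while keeping the 0.9.8b version string, so the banner check reports a
   patched RHEL/CentOS 5 host as vulnerable. An rpmvercmp-style comparison
   of the installed EVR against the fixed build gets it right.
"""
import re

_OPENSSL_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)")
_BANNER_RE = re.compile(r"OpenSSL/(\d+\.\d+\.\d+[a-z]*)")

FIRST_AFFECTED = (0, 9, 8, "")            # 0.9.8 with no letter suffix
FIRST_FIXED = (0, 9, 8, "f")              # 0.9.8f
FIXED_RHEL5_EVR = "0:0.9.8b-8.3.el5_0.2"  # build listed for RHSA-2007:0964


def openssl_version_key(version):
    """'0.9.8e' -> (0, 9, 8, 'e'); a letter suffix sorts after no suffix."""
    m = _OPENSSL_RE.match(version.strip())
    if not m:
        raise ValueError(f"not an OpenSSL version string: {version!r}")
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix), letters)


def upstream_affected(version):
    """True for upstream 0.9.8 .. 0.9.8e; False for 0.9.7x, 0.9.8f and later."""
    return FIRST_AFFECTED <= openssl_version_key(version) < FIRST_FIXED


def version_from_banner(banner):
    """Pull the OpenSSL version out of an HTTP Server header, or None."""
    m = _BANNER_RE.search(banner)
    return m.group(1) if m else None


def _segments(s):
    # rpm splits on non-alphanumerics; digit runs compare numerically, letter
    # runs lexically, and a digit run ranks above a letter run.
    return re.findall(r"\d+|[A-Za-z]+", s)


def rpmvercmp(a, b):
    """-1, 0 or 1 for version or release strings (simplified: no ~ or ^)."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return (xi > yi) - (xi < yi)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return (x > y) - (x < y)
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def _split_evr(evr):
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def rpm_evr_cmp(a, b):
    """Compare two 'epoch:version-release' strings; epoch wins, then version, then release."""
    ea, va, ra = _split_evr(a)
    eb, vb, rb = _split_evr(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def rhel5_package_vulnerable(installed_evr):
    """True if the installed openssl EVR predates the RHSA-2007:0964 build."""
    return rpm_evr_cmp(installed_evr, FIXED_RHEL5_EVR) < 0


if __name__ == "__main__":
    # Constructed banner and package strings for a patched CentOS 5 host.
    banner = "Server: Apache/2.2.3 (CentOS) mod_ssl/2.2.3 OpenSSL/0.9.8b"
    v = version_from_banner(banner)
    print(v, upstream_affected(v))                           # 0.9.8b True
    print(rhel5_package_vulnerable("0:0.9.8b-8.3.el5_0.2"))  # False (fixed build)
    print(rhel5_package_vulnerable("0:0.9.8b-8.3.el5"))      # True (pre-fix build)
```

On a vendor-patched host the banner check is a false positive and the package check is authoritative, which is why the distribution-specific plugins above exist alongside the generic one; the reverse caveat also holds, since a banner of 0.9.8f or later from a self-built OpenSSL says nothing about whether the application linked against it actually uses DTLS.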
refmap via4
bid 26055
bugtraq 20071012 OpenSSL Security Advisory
confirm
debian DSA-1571
fedora FEDORA-2007-725
gentoo
  • GLSA-200710-30
  • GLSA-200805-07
hp
  • HPSBUX02296
  • SSRT071504
mandriva MDKSA-2007:237
misc http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962
sectrack 1018810
secunia
  • 25878
  • 27205
  • 27217
  • 27271
  • 27363
  • 27434
  • 27933
  • 28084
  • 30161
  • 30220
  • 30852
suse SUSE-SR:2007:021
ubuntu USN-534-1
vupen
  • ADV-2007-3487
  • ADV-2007-4219
  • ADV-2008-1937
xf openssl-dtls-code-execution(37185)
statements via4
contributor Mark J Cox
lastmodified 2007-10-24
organization Red Hat
statement This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. An update to correct this issue for Enterprise Linux 5 is available. http://rhn.redhat.com/cve/CVE-2007-4995.html Please note that the CVE description is incorrect, this issue did not affect upstream versions of OpenSSL prior to 0.9.8.
Last major update 30-08-2011 - 00:00
Published 12-10-2007 - 21:17
Last modified 15-10-2018 - 17:39