ID CVE-2007-5135
Summary Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
References
Vulnerable Configurations
  • OpenSSL Project OpenSSL 0.9.7
    cpe:2.3:a:openssl:openssl:0.9.7
  • OpenSSL Project OpenSSL 0.9.7 beta1
    cpe:2.3:a:openssl:openssl:0.9.7:beta1
  • OpenSSL Project OpenSSL 0.9.7 beta2
    cpe:2.3:a:openssl:openssl:0.9.7:beta2
  • OpenSSL Project OpenSSL 0.9.7 beta3
    cpe:2.3:a:openssl:openssl:0.9.7:beta3
  • OpenSSL Project OpenSSL 0.9.7 Beta4
    cpe:2.3:a:openssl:openssl:0.9.7:beta4
  • OpenSSL Project OpenSSL 0.9.7 Beta5
    cpe:2.3:a:openssl:openssl:0.9.7:beta5
  • OpenSSL Project OpenSSL 0.9.7 Beta6
    cpe:2.3:a:openssl:openssl:0.9.7:beta6
  • OpenSSL Project OpenSSL 0.9.7a
    cpe:2.3:a:openssl:openssl:0.9.7a
  • OpenSSL Project OpenSSL 0.9.7b
    cpe:2.3:a:openssl:openssl:0.9.7b
  • OpenSSL Project OpenSSL 0.9.7c
    cpe:2.3:a:openssl:openssl:0.9.7c
  • OpenSSL Project OpenSSL 0.9.7d
    cpe:2.3:a:openssl:openssl:0.9.7d
  • OpenSSL Project OpenSSL 0.9.7e
    cpe:2.3:a:openssl:openssl:0.9.7e
  • OpenSSL Project OpenSSL 0.9.7f
    cpe:2.3:a:openssl:openssl:0.9.7f
  • OpenSSL Project OpenSSL 0.9.7g
    cpe:2.3:a:openssl:openssl:0.9.7g
  • OpenSSL Project OpenSSL 0.9.7h
    cpe:2.3:a:openssl:openssl:0.9.7h
  • OpenSSL Project OpenSSL 0.9.7i
    cpe:2.3:a:openssl:openssl:0.9.7i
  • OpenSSL Project OpenSSL 0.9.7j
    cpe:2.3:a:openssl:openssl:0.9.7j
  • OpenSSL Project OpenSSL 0.9.7k
    cpe:2.3:a:openssl:openssl:0.9.7k
  • OpenSSL Project OpenSSL 0.9.7l
    cpe:2.3:a:openssl:openssl:0.9.7l
  • OpenSSL Project OpenSSL 0.9.8
    cpe:2.3:a:openssl:openssl:0.9.8
  • OpenSSL Project OpenSSL 0.9.8a
    cpe:2.3:a:openssl:openssl:0.9.8a
  • OpenSSL Project OpenSSL 0.9.8b
    cpe:2.3:a:openssl:openssl:0.9.8b
  • OpenSSL Project OpenSSL 0.9.8c
    cpe:2.3:a:openssl:openssl:0.9.8c
  • OpenSSL Project OpenSSL 0.9.8d
    cpe:2.3:a:openssl:openssl:0.9.8d
  • OpenSSL Project OpenSSL 0.9.8e
    cpe:2.3:a:openssl:openssl:0.9.8e
  • OpenSSL Project OpenSSL 0.9.8f
    cpe:2.3:a:openssl:openssl:0.9.8f
CVSS
Base: 6.8 (as of 28-09-2007 - 07:44)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-11 (AMD64 x86 emulation base libraries: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in AMD64 x86 emulation base libraries. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker may be able to execute arbitrary code, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-11-11
    plugin id 79964
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79964
    title GLSA-201412-11 : AMD64 x86 emulation base libraries: Multiple vulnerabilities (Heartbleed)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_COMPAT-OPENSSL097G-5054.NASL
    description This update of openssl fixes an off-by-one buffer overflow in function SSL_get_shared_ciphers(). This vulnerability potentially allows remote code execution; depending on memory layout of the process. (CVE-2007-5135) We released updates for openssl already, but an update for the compat 0.9.7g openssl libraries was missing and is provided with this patch.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 31391
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31391
    title openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-5054)
  • NASL family Web Servers
    NASL id OPENSSL_0_9_7M_0_9_8E.NASL
    description According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7m or 0.9.8e. A remote attacker could trigger a one-byte buffer overflow. The real impact is unknown. Arbitrary code could be run but no functional exploit was published. This plugin has been deprecated. Use openssl_0_9_8f.nasl (plugin ID 17760) instead.
    last seen 2018-07-18
    modified 2018-07-16
    plugin id 17758
    published 2012-01-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17758
    title OpenSSL < 0.9.7m / 0.9.8e Buffer Overflow (deprecated)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2008-0001.NASL
    description I Service Console package security updates
      a. OpenPegasus PAM Authentication Buffer Overflow Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. This flaw could be exploited by a malicious remote user on the service console network to gain root access to the service console. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5360 to this issue.
      b. Updated Samba package An issue where attackers on the service console management network can cause a stack-based buffer overflow in the reply_netbios_packet function of nmbd in Samba. On systems where Samba is being used as a WINS server, exploiting this vulnerability can allow remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name Query request. An issue where attackers on the service console management network can exploit a vulnerability that occurs when Samba is configured as a Primary or Backup Domain controller. The vulnerability allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5398 and CVE-2007-4572 to these issues. Note: By default Samba is not configured as a WINS server or a domain controller and ESX is not vulnerable unless the administrator has changed the default configuration. This vulnerability can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices.
      c. Updated util-linux package The patch addresses an issue where the mount and umount utilities in util-linux call the setuid and setgid functions in the wrong order and do not check the return values, which could allow attackers to gain elevated privileges via helper application such as mount.nfs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5191 to this issue.
      d. Updated Perl package The update addresses an issue where the regular expression engine in Perl can be used to issue a specially crafted regular expression that allows the attacker to run arbitrary code with the permissions level of the current Perl user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-5116 to this issue.
      e. Updated OpenSSL package A flaw in the SSL_get_shared_ciphers() function could allow an attacker to cause a buffer overflow problem by sending ciphers to applications that use the function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3108, and CVE-2007-5135 to these issues.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40372
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40372
    title VMSA-2008-0001 : Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENSSL-4477.NASL
    description This update of openssl fixes an off-by-one buffer overflow in function SSL_get_shared_ciphers(). This vulnerability potentially allows remote code execution; depending on memory layout of the process. (CVE-2007-5135)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 29544
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29544
    title SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 4477)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBOPENSSL-DEVEL-4476.NASL
    description This update of openssl fixes an off-by-one buffer overflow in function SSL_get_shared_ciphers(). This vulnerability potentially allows remote code execution; depending on memory layout of the process. (CVE-2007-5135)
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 27328
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27328
    title openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-4476)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_COMPAT-OPENSSL097G-5055.NASL
    description This update of openssl fixes an off-by-one buffer overflow in function SSL_get_shared_ciphers(). This vulnerability potentially allows remote code execution; depending on memory layout of the process. (CVE-2007-5135) We released updates for openssl already, but an update for the compat 0.9.7g openssl libraries was missing and is provided with this patch.
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 31392
    published 2008-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31392
    title SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 5055)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0813.NASL
    description Updated OpenSSL packages that correct security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 27563
    published 2007-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27563
    title RHEL 2.1 / 3 : openssl (RHSA-2007:0813)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071012_OPENSSL_ON_SL5_X.NASL
    description OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance). The OpenSSL security team discovered a flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified (CVE-2007-5135). Note that this flaw only affects applications making use of DTLS. Scientific Linux does not ship any DTLS client or server applications. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-4995). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Please note that the fix for the DTLS flaw involved an overhaul of the DTLS handshake processing which may introduce incompatibilities if a new client is used with an older server. After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60267
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60267
    title Scientific Linux Security Update : openssl on SL5.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071115_OPENSSL_ON_SL4_X.NASL
    description A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer by a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches to mitigate these issues. (CVE-2007-3108) As well, these updated packages fix the following bugs : - multithreaded applications could cause a segmentation fault or deadlock when calling the random number generator initialization (RAND_poll) in the OpenSSL library, for a large number of threads simultaneously. - in certain circumstances, if an application using the OpenSSL library reused the SSL session cache for multiple purposes (with various parameters of the SSL protocol), the session parameters could be mismatched. - a segmentation fault could occur when a corrupted pkcs12 file was being loaded using the 'openssl pkcs12 -in [pkcs12-file]' command, where [pkcs12-file] is the pkcs12 file.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60307
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60307
    title Scientific Linux Security Update : openssl on SL4.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071022_OPENSSL_ON_SL3.NASL
    description A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60273
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60273
    title Scientific Linux Security Update : openssl on SL3.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0813.NASL
    description From Red Hat Security Advisory 2007:0813 : Updated OpenSSL packages that correct security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67559
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67559
    title Oracle Linux 3 : openssl (ELSA-2007-0813)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_121230-02.NASL
    description SunOS 5.10_x86: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen 2019-01-19
    modified 2019-01-18
    plugin id 107877
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107877
    title Solaris 10 (x86) : 121230-02
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_121230.NASL
    description SunOS 5.10_x86: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 20275
    published 2005-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20275
    title Solaris 10 (x86) : 121230-02
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL8106.NASL
    description F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited remotely.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 86017
    published 2015-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86017
    title F5 Networks BIG-IP : OpenSSL SSL_get_shared_ciphers vulnerability (SOL8106)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2008-005.NASL
    description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have the security update 2008-005 applied. This update contains security fixes for a number of programs.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 33790
    published 2008-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=33790
    title Mac OS X Multiple Vulnerabilities (Security Update 2008-005)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-178.NASL
    description Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries is being made available.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24564
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24564
    title Mandrake Linux Security Advisory : ntp (MDKSA-2006:178)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-725.NASL
    description - Fri Oct 12 2007 Tomas Mraz 0.9.8b-15 - fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801) - fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27061
    published 2007-10-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27061
    title Fedora Core 6 : openssl-0.9.8b-15.fc6 (2007-725)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2530.NASL
    description This is an important security update. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27777
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27777
    title Fedora 7 : openssl-0.9.8b-15.fc7 (2007-2530)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-353-1.NASL
    description Dr. Henson of the OpenSSL core team and Open Network Security discovered a mishandled error condition in the ASN.1 parser. By sending specially crafted packet data, a remote attacker could exploit this to trigger an infinite loop, which would render the service unusable and consume all available system memory. (CVE-2006-2937) Certain types of public key could take disproportionate amounts of time to process. The library now limits the maximum key exponent size to avoid Denial of Service attacks. (CVE-2006-2940) Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers() function. By sending specially crafted packets to applications that use this function (like Exim, MySQL, or the openssl command line tool), a remote attacker could exploit this to execute arbitrary code with the server's privileges. (CVE-2006-3738) Tavis Ormandy and Will Drewry of the Google Security Team reported that the get_server_hello() function did not sufficiently check the client's session certificate. This could be exploited to crash clients by remote attackers sending specially crafted SSL responses. (CVE-2006-4343). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27933
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27933
    title Ubuntu 5.04 / 5.10 / 6.06 LTS : openssl vulnerabilities (USN-353-1)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2008-0013.NASL
    description I Security Issues a. OpenSSL Binaries Updated This fix updates the third-party OpenSSL library. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-3108 and CVE-2007-5135 to the issues addressed by this update. II Service Console rpm updates a. net-snmp Security update This fix upgrades the service console rpm for net-snmp to version net-snmp-5.0.9-2.30E.24. Note: this update is relevant for ESX 3.0.3. The initial advisory incorrectly stated that this update was present in ESX 3.0.3 when it was released on August 8, 2008. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2008-2292 and CVE-2008-0960 to the issues addressed in net-snmp-5.0.9-2.30E.24. b. perl Security update This fix upgrades the service console rpm for perl to version perl-5.8.0-98.EL3. Note: this update is relevant for ESX 3.0.3. The initial advisory incorrectly stated that this update was present in ESX 3.0.3 when it was released on August 8, 2008. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-1927 to the issue addressed in perl-5.8.0-98.EL3.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40381
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40381
    title VMSA-2008-0013 : Updated ESX packages for OpenSSL, net-snmp, perl
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_121229-02.NASL
    description SunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 107376
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107376
    title Solaris 10 (sparc) : 121229-02
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0964.NASL
    description Updated OpenSSL packages that correct several security issues are now available for Red Hat Enterprise 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance). The OpenSSL security team discovered a flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified (CVE-2007-4995). Note that this flaw only affects applications making use of DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Please note that the fix for the DTLS flaw involved an overhaul of the DTLS handshake processing which may introduce incompatibilities if a new client is used with an older server. 
    After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43658
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43658
    title CentOS 5 : openssl (CESA-2007:0964)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0964.NASL
    description From Red Hat Security Advisory 2007:0964 : Updated OpenSSL packages that correct several security issues are now available for Red Hat Enterprise 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance). The OpenSSL security team discovered a flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified (CVE-2007-4995). Note that this flaw only affects applications making use of DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Please note that the fix for the DTLS flaw involved an overhaul of the DTLS handshake processing which may introduce incompatibilities if a new client is used with an older server. 
    After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67585
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67585
    title Oracle Linux 5 : openssl (ELSA-2007-0964)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200710-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-200710-06 (OpenSSL: Multiple vulnerabilities) Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. Impact : A remote attacker sending a specially crafted packet to an application relying on OpenSSL could possibly execute arbitrary code with the privileges of the user running the application. A local attacker could perform a side channel attack to retrieve the RSA private keys. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 26946
    published 2007-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26946
    title GLSA-200710-06 : OpenSSL: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11843.NASL
    description This update of openssl fixes an off-by-one buffer overflow in the function SSL_get_shared_ciphers(). This vulnerability potentially allows remote code execution, depending on the memory layout of the process. (CVE-2007-5135)
    last seen 2019-02-21
    modified 2012-06-14
    plugin id 41155
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41155
    title SuSE9 Security Update : OpenSSL (YOU Patch Number 11843)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_113713.NASL
    description SunOS 5.9: pkg utilities Patch. Date this patch was last updated by Sun : Apr/05/11
    last seen 2018-09-01
    modified 2016-12-09
    plugin id 13543
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13543
    title Solaris 9 (sparc) : 113713-30
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114568.NASL
    description SunOS 5.9_x86: pkg utilities Patch. Date this patch was last updated by Sun : Apr/05/11
    last seen 2018-09-02
    modified 2016-12-09
    plugin id 13606
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13606
    title Solaris 9 (x86) : 114568-29
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0964.NASL
    description Updated OpenSSL packages that correct several security issues are now available for Red Hat Enterprise 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. Datagram TLS (DTLS) is a protocol based on TLS that is capable of securing datagram transport (UDP for instance). The OpenSSL security team discovered a flaw in DTLS support. An attacker could create a malicious client or server that could trigger a heap overflow. This is possibly exploitable to run arbitrary code, but it has not been verified (CVE-2007-4995). Note that this flaw only affects applications making use of DTLS. Red Hat does not ship any DTLS client or server applications in Red Hat Enterprise Linux. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Please note that the fix for the DTLS flaw involved an overhaul of the DTLS handshake processing which may introduce incompatibilities if a new client is used with an older server. 
After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 27052
    published 2007-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27052
    title RHEL 5 : openssl (RHSA-2007:0964)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-1003.NASL
    description Updated OpenSSL packages that correct a security issue and various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, and is also a full-strength general-purpose cryptography library. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer by a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches to mitigate these issues. (CVE-2007-3108) As well, these updated packages fix the following bugs : * multithreaded applications could cause a segmentation fault or deadlock when calling the random number generator initialization (RAND_poll) in the OpenSSL library, for a large number of threads simultaneously. * in certain circumstances, if an application using the OpenSSL library reused the SSL session cache for multiple purposes (with various parameters of the SSL protocol), the session parameters could be mismatched. * a segmentation fault could occur when a corrupted pkcs12 file was being loaded using the 'openssl pkcs12 -in [pkcs12-file]' command, where [pkcs12-file] is the pkcs12 file. Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67058
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67058
    title CentOS 4 : openssl (CESA-2007:1003)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-522-1.NASL
    description It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. (CVE-2007-3108) Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service. (CVE-2007-5135). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28127
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28127
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : openssl vulnerabilities (USN-522-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-177.NASL
    description OpenSSL recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some MySQL versions are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries is being made available.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24563
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24563
    title Mandrake Linux Security Advisory : MySQL (MDKSA-2006:177)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-1003.NASL
    description Updated OpenSSL packages that correct a security issue and various bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, and is also a full-strength general-purpose cryptography library. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer by a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches to mitigate these issues. (CVE-2007-3108) As well, these updated packages fix the following bugs : * multithreaded applications could cause a segmentation fault or deadlock when calling the random number generator initialization (RAND_poll) in the OpenSSL library, for a large number of threads simultaneously. * in certain circumstances, if an application using the OpenSSL library reused the SSL session cache for multiple purposes (with various parameters of the SSL protocol), the session parameters could be mismatched. * a segmentation fault could occur when a corrupted pkcs12 file was being loaded using the 'openssl pkcs12 -in [pkcs12-file]' command, where [pkcs12-file] is the pkcs12 file. Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 28243
    published 2007-11-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28243
    title RHEL 4 : openssl (RHSA-2007:1003)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0813.NASL
    description Updated OpenSSL packages that correct security issues are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applications are compiled for debugging. A number of possible side-channel attacks were discovered affecting OpenSSL. A local attacker could possibly obtain RSA private keys being used on a system. In practice these attacks would be difficult to perform outside of a lab environment. This update contains backported patches designed to mitigate these issues. (CVE-2007-3108). Users of OpenSSL should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 27538
    published 2007-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27538
    title CentOS 3 : openssl (CESA-2007:0813)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_121229.NASL
    description SunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen 2018-09-01
    modified 2018-08-13
    plugin id 20272
    published 2005-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20272
    title Solaris 10 (sparc) : 121229-02
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-172.NASL
    description Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered. During the parsing of certain invalid ASN1 structures an error condition is mishandled. This can result in an infinite loop which consumes system memory. (CVE-2006-2937) Certain types of public key can take disproportionate amounts of time to process. This could be used by an attacker in a denial of service attack. (CVE-2006-2940) Tavis Ormandy and Will Drewry of the Google Security Team discovered a buffer overflow in the SSL_get_shared_ciphers utility function, used by some applications such as exim and mysql. An attacker could send a list of ciphers that would overrun a buffer. (CVE-2006-3738) Tavis Ormandy and Will Drewry of the Google Security Team discovered a possible DoS in the sslv2 client code. Where a client application uses OpenSSL to make an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) Updated packages are patched to address these issues. Update : There was an error in the original published patches for CVE-2006-2940. New packages have corrected this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24558
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24558
    title Mandrake Linux Security Advisory : openssl (MDKSA-2006:172-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-193.NASL
    description A flaw in how OpenSSL performed Montgomery multiplications was discovered that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes (CVE-2007-3108). Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the application's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code (CVE-2007-5135). Updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 26950
    published 2007-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26950
    title Mandrake Linux Security Advisory : openssl (MDKSA-2007:193)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1379.NASL
    description An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26209
    published 2007-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26209
    title Debian DSA-1379-1 : openssl - off-by-one error/buffer overflow
oval via4
  • accepted 2013-04-29T04:09:52.329-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
    family unix
    id oval:org.mitre.oval:def:10904
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
    version 24
  • accepted 2008-03-24T04:00:43.411-04:00
    class vulnerability
    contributors
    name Pai Peng
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
    family unix
    id oval:org.mitre.oval:def:5337
    status accepted
    submitted 2008-02-14T08:25:18.000-05:00
    title Security Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() Function
    version 31
redhat via4
advisories
  • bugzilla
    id 309801
    title CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment openssl is earlier than 0:0.9.7a-33.24
          oval oval:com.redhat.rhsa:tst:20070813002
        • comment openssl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060695003
      • AND
        • comment openssl-devel is earlier than 0:0.9.7a-33.24
          oval oval:com.redhat.rhsa:tst:20070813004
        • comment openssl-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060695005
      • AND
        • comment openssl-perl is earlier than 0:0.9.7a-33.24
          oval oval:com.redhat.rhsa:tst:20070813006
        • comment openssl-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060695007
    rhsa
    id RHSA-2007:0813
    released 2007-10-22
    severity Moderate
    title RHSA-2007:0813: openssl security update (Moderate)
  • bugzilla
    id 321191
    title CVE-2007-4995 openssl dtls out of order vulnerability
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment openssl is earlier than 0:0.9.8b-8.3.el5_0.2
          oval oval:com.redhat.rhsa:tst:20070964002
        • comment openssl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070964003
      • AND
        • comment openssl-devel is earlier than 0:0.9.8b-8.3.el5_0.2
          oval oval:com.redhat.rhsa:tst:20070964004
        • comment openssl-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070964005
      • AND
        • comment openssl-perl is earlier than 0:0.9.8b-8.3.el5_0.2
          oval oval:com.redhat.rhsa:tst:20070964006
        • comment openssl-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070964007
    rhsa
    id RHSA-2007:0964
    released 2007-10-12
    severity Important
    title RHSA-2007:0964: openssl security update (Important)
  • bugzilla
    id 309801
    title CVE-2007-5135 openssl SSL_get_shared_ciphers() off-by-one
    oval
    AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment openssl is earlier than 0:0.9.7a-43.17.el4_6.1
          oval oval:com.redhat.rhsa:tst:20071003002
        • comment openssl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060695003
      • AND
        • comment openssl-devel is earlier than 0:0.9.7a-43.17.el4_6.1
          oval oval:com.redhat.rhsa:tst:20071003004
        • comment openssl-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060695005
      • AND
        • comment openssl-perl is earlier than 0:0.9.7a-43.17.el4_6.1
          oval oval:com.redhat.rhsa:tst:20071003006
        • comment openssl-perl is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060695007
    rhsa
    id RHSA-2007:1003
    released 2007-11-15
    severity Moderate
    title RHSA-2007:1003: openssl security and bug fix update (Moderate)
rpms
  • openssl-0:0.9.7a-33.24
  • openssl-devel-0:0.9.7a-33.24
  • openssl-perl-0:0.9.7a-33.24
  • openssl-0:0.9.8b-8.3.el5_0.2
  • openssl-devel-0:0.9.8b-8.3.el5_0.2
  • openssl-perl-0:0.9.8b-8.3.el5_0.2
  • openssl-0:0.9.7a-43.17.el4_6.1
  • openssl-devel-0:0.9.7a-43.17.el4_6.1
  • openssl-perl-0:0.9.7a-43.17.el4_6.1
refmap via4
apple APPLE-SA-2008-07-31
bid 25831
bugtraq
  • 20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
  • 20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
  • 20071003 FLEA-2007-0058-1 openssl openssl-scripts
  • 20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
  • 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
  • 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
confirm
debian DSA-1379
fedora FEDORA-2007-725
freebsd FreeBSD-SA-07:08
gentoo
  • GLSA-200710-06
  • GLSA-200805-07
hp
  • HPSBUX02292
  • SSRT071499
mandriva MDKSA-2007:193
misc https://bugs.gentoo.org/show_bug.cgi?id=194039
mlist [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
netbsd NetBSD-SA2008-007
openbsd
  • [4.0] 017: SECURITY FIX: October 10, 2007
  • [4.1] 011: SECURITY FIX: October 10, 2007
  • [4.2] 002: SECURITY FIX: October 10, 2007
sectrack 1018755
secunia
  • 22130
  • 27012
  • 27021
  • 27031
  • 27051
  • 27078
  • 27097
  • 27186
  • 27205
  • 27217
  • 27229
  • 27330
  • 27394
  • 27851
  • 27870
  • 27961
  • 28368
  • 29242
  • 30124
  • 30161
  • 31308
  • 31326
  • 31467
  • 31489
sreason 3179
sunalert
  • 103130
  • 200858
suse
  • SUSE-SR:2007:020
  • SUSE-SR:2008:005
ubuntu USN-522-1
vupen
  • ADV-2007-3325
  • ADV-2007-3625
  • ADV-2007-4042
  • ADV-2007-4144
  • ADV-2008-0064
  • ADV-2008-2268
  • ADV-2008-2361
  • ADV-2008-2362
xf openssl-sslgetshared-bo(36837)
Last major update 29-08-2011 - 00:00
Published 27-09-2007 - 16:17
Last modified 15-10-2018 - 17:40