ID CVE-2007-4995
Summary Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-10-2018 - 21:39)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:04:20.769-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
family unix
id oval:org.mitre.oval:def:10288
status accepted
submitted 2010-07-09T03:56:16-04:00
title Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
version 18
redhat via4
advisories
rhsa
id RHSA-2007:0964
rpms
  • openssl-0:0.9.8b-8.3.el5_0.2
  • openssl-devel-0:0.9.8b-8.3.el5_0.2
  • openssl-perl-0:0.9.8b-8.3.el5_0.2
refmap via4
bid 26055
bugtraq 20071012 OpenSSL Security Advisory
confirm
debian DSA-1571
fedora FEDORA-2007-725
gentoo
  • GLSA-200710-30
  • GLSA-200805-07
hp
  • HPSBUX02296
  • SSRT071504
mandriva MDKSA-2007:237
misc http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962
sectrack 1018810
secunia
  • 25878
  • 27205
  • 27217
  • 27271
  • 27363
  • 27434
  • 27933
  • 28084
  • 30161
  • 30220
  • 30852
suse SUSE-SR:2007:021
ubuntu USN-534-1
vupen
  • ADV-2007-3487
  • ADV-2007-4219
  • ADV-2008-1937
xf openssl-dtls-code-execution(37185)
statements via4
contributor Mark J Cox
lastmodified 2007-10-24
organization Red Hat
statement This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. An update to correct this issue for Enterprise Linux 5 is available. http://rhn.redhat.com/cve/CVE-2007-4995.html Please note that the CVE description is incorrect, this issue did not affect upstream versions of OpenSSL prior to 0.9.8.
Last major update 15-10-2018 - 21:39
Published 13-10-2007 - 01:17
Back to Top