| ID |
CVE-2007-4995
|
| Summary |
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*
-
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 9.3 (as of 15-10-2018 - 21:39) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-189 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
| oval
via4
|
| accepted | 2013-04-29T04:04:20.769-04:00 | | class | vulnerability | | contributors | | name | Aharon Chernin | | organization | SCAP.com, LLC |
| name | Dragos Prisaca | | organization | G2, Inc. |
| | definition_extensions | | comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | | oval | oval:org.mitre.oval:def:11414 |
| comment | The operating system installed on the system is CentOS Linux 5.x | | oval | oval:org.mitre.oval:def:15802 |
| comment | Oracle Linux 5.x | | oval | oval:org.mitre.oval:def:15459 |
| | description | Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. | | family | unix | | id | oval:org.mitre.oval:def:10288 | | status | accepted | | submitted | 2010-07-09T03:56:16-04:00 | | title | Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. | | version | 18 |
|
| redhat
via4
|
| advisories | | | rpms | - openssl-0:0.9.8b-8.3.el5_0.2
- openssl-debuginfo-0:0.9.8b-8.3.el5_0.2
- openssl-devel-0:0.9.8b-8.3.el5_0.2
- openssl-perl-0:0.9.8b-8.3.el5_0.2
|
|
| refmap
via4
|
| bid | 26055 | | bugtraq | 20071012 OpenSSL Security Advisory | | confirm | | | debian | DSA-1571 | | fedora | FEDORA-2007-725 | | gentoo | - GLSA-200710-30
- GLSA-200805-07
| | hp | | | mandriva | MDKSA-2007:237 | | misc | http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=738962 | | sectrack | 1018810 | | secunia | - 25878
- 27205
- 27217
- 27271
- 27363
- 27434
- 27933
- 28084
- 30161
- 30220
- 30852
| | suse | SUSE-SR:2007:021 | | ubuntu | USN-534-1 | | vupen | - ADV-2007-3487
- ADV-2007-4219
- ADV-2008-1937
| | xf | openssl-dtls-code-execution(37185) |
|
| statements
via4
|
| contributor | Mark J Cox | | lastmodified | 2007-10-24 | | organization | Red Hat | | statement | This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. An update to correct this issue for Enterprise Linux 5 is available.
http://rhn.redhat.com/cve/CVE-2007-4995.html
Please note that the CVE description is incorrect, this issue did not affect upstream versions of OpenSSL prior to 0.9.8. |
|
| Last major update |
15-10-2018 - 21:39 |
| Published |
13-10-2007 - 01:17 |
| Last modified |
15-10-2018 - 21:39 |
