6.8

CVE-2007-5135

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow.  NOTE: this issue was introduced as a result of a fix for CVE-2006-3738.  As of 20071012, it is unknown whether code execution is possible.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenSSLOpenSSL Version0.9.7
OpenSSLOpenSSL Version0.9.7 Updatebeta1
OpenSSLOpenSSL Version0.9.7 Updatebeta2
OpenSSLOpenSSL Version0.9.7 Updatebeta3
OpenSSLOpenSSL Version0.9.7 Updatebeta4
OpenSSLOpenSSL Version0.9.7 Updatebeta5
OpenSSLOpenSSL Version0.9.7 Updatebeta6
OpenSSLOpenSSL Version0.9.7a
OpenSSLOpenSSL Version0.9.7b
OpenSSLOpenSSL Version0.9.7c
OpenSSLOpenSSL Version0.9.7d
OpenSSLOpenSSL Version0.9.7e
OpenSSLOpenSSL Version0.9.7f
OpenSSLOpenSSL Version0.9.7g
OpenSSLOpenSSL Version0.9.7h
OpenSSLOpenSSL Version0.9.7i
OpenSSLOpenSSL Version0.9.7j
OpenSSLOpenSSL Version0.9.7k
OpenSSLOpenSSL Version0.9.7l
OpenSSLOpenSSL Version0.9.8
OpenSSLOpenSSL Version0.9.8a
OpenSSLOpenSSL Version0.9.8b
OpenSSLOpenSSL Version0.9.8c
OpenSSLOpenSSL Version0.9.8d
OpenSSLOpenSSL Version0.9.8e
OpenSSLOpenSSL Version0.9.8f
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.06% 0.965
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://secunia.com/advisories/29242
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
http://secunia.com/advisories/22130
Vendor Advisory
http://secunia.com/advisories/30124
http://secunia.com/advisories/30161
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
http://secunia.com/advisories/27021
Vendor Advisory
http://secunia.com/advisories/27078
Vendor Advisory
http://secunia.com/advisories/27097
Vendor Advisory
http://secunia.com/advisories/27205
Vendor Advisory
http://secunia.com/advisories/27330
Vendor Advisory
http://secunia.com/advisories/27870
Vendor Advisory
http://secunia.com/advisories/28368
Vendor Advisory
http://secunia.com/advisories/31467
http://secunia.com/advisories/31489
http://security.gentoo.org/glsa/glsa-200710-06.xml
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm
http://www.mandriva.com/security/advisories?name=MDKSA-2007:193
http://www.redhat.com/support/errata/RHSA-2007-0813.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-0964.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2007-1003.html
Vendor Advisory
http://www.securityfocus.com/archive/1/485936/100/0/threaded
http://www.securityfocus.com/archive/1/486859/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
http://www.vmware.com/security/advisories/VMSA-2008-0013.html
http://www.vupen.com/english/advisories/2008/0064
http://www.vupen.com/english/advisories/2008/2361
http://www.vupen.com/english/advisories/2008/2362
https://usn.ubuntu.com/522-1/
http://secunia.com/advisories/27229
Vendor Advisory
http://www.novell.com/linux/security/advisories/2007_20_sr.html
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
http://secunia.com/advisories/27012
Vendor Advisory
http://secunia.com/advisories/27031
Vendor Advisory
http://secunia.com/advisories/27051
Vendor Advisory
http://secunia.com/advisories/27186
Vendor Advisory
http://secunia.com/advisories/27217
Vendor Advisory
http://secunia.com/advisories/27394
Vendor Advisory
http://secunia.com/advisories/27851
Vendor Advisory
http://secunia.com/advisories/27961
Vendor Advisory
http://secunia.com/advisories/31308
http://secunia.com/advisories/31326
http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc
http://securityreason.com/securityalert/3179
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241
http://www.debian.org/security/2007/dsa-1379
http://www.openbsd.org/errata40.html
http://www.openbsd.org/errata41.html
http://www.openbsd.org/errata42.html
http://www.openssl.org/news/secadv_20071012.txt
http://www.securityfocus.com/archive/1/480855/100/0/threaded
http://www.securityfocus.com/archive/1/481217/100/0/threaded
http://www.securityfocus.com/archive/1/481488/100/0/threaded
http://www.securityfocus.com/archive/1/481506/100/0/threaded
http://www.securityfocus.com/archive/1/484353/100/0/threaded
http://www.securityfocus.com/bid/25831
http://www.securitytracker.com/id?1018755
http://www.vupen.com/english/advisories/2007/3325
http://www.vupen.com/english/advisories/2007/3625
http://www.vupen.com/english/advisories/2007/4042
http://www.vupen.com/english/advisories/2007/4144
http://www.vupen.com/english/advisories/2008/2268
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038
https://bugs.gentoo.org/show_bug.cgi?id=194039
https://exchange.xforce.ibmcloud.com/vulnerabilities/36837
https://issues.rpath.com/browse/RPL-1769
https://issues.rpath.com/browse/RPL-1770
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html
Vendor Advisory