Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2007-5135HistorySep 27, 2007 - 8:17 p.m.
CVE-2007-5135
2007-09-2720:17:00
Debian Security Bug Tracker
security-tracker.debian.org
29
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.6%
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | openssl | < 0.9.8e-9 | openssl_0.9.8e-9_all.deb |
| Debian | 11 | all | openssl | < 0.9.8e-9 | openssl_0.9.8e-9_all.deb |
| Debian | 999 | all | openssl | < 0.9.8e-9 | openssl_0.9.8e-9_all.deb |
| Debian | 13 | all | openssl | < 0.9.8e-9 | openssl_0.9.8e-9_all.deb |
Related
cvelist
cvelist
CVE-2007-5135
2007-09-27 20:00:00
CVE-2006-3738
2006-09-28 18:00:00
cve
cve
CVE-2007-5135
2007-09-27 20:17:00
CVE-2006-3738
2006-09-28 18:07:00
ubuntucve
ubuntucve
CVE-2007-5135
2007-09-27 00:00:00
CVE-2006-3738
2006-09-28 00:00:00
prion
prion
Buffer overflow
2007-09-27 20:17:00
nvd
nvd
CVE-2007-5135
2007-09-27 20:17:00
CVE-2006-3738
2006-09-28 18:07:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-07:08.openssl
2007-10-03 00:00:00
FreeBSD-SA-06:23.openssl
2006-09-28 00:00:00
checkpoint_advisories
checkpoint_advisories
nessus
nessus
OpenSSL 0.9.8 < 0.9.8f Multiple Vulnerabilities
2012-01-04 00:00:00
GLSA-200710-06 : OpenSSL: Multiple vulnerabilities
2007-10-09 00:00:00
Mandrake Linux Security Advisory : openssl (MDKSA-2007:193)
2007-10-09 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200710-06 (openssl)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200710-06 (openssl)
2008-09-24 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-07:08.openssl.asc)
2008-09-04 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2007-10-07 00:00:00
AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities
2006-12-11 00:00:00
OpenSSL: Multiple vulnerabilities
2006-10-24 00:00:00
f5
f5
SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135
2007-11-15 00:00:00
K8106 : OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135
2013-03-27 00:00:00
checkpoint_security
checkpoint_security
OpenSSLVulnerability CVE-2007-5135 on IPSO 4.2
2008-08-04 21:00:00
Check Point response to OpenSSL vulnerability CVE-2007-5135
2007-10-15 22:00:00
Check Point response to OpenSSL vulnerability CVE-2006-3738
2007-10-27 22:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8d-alt4
2007-10-10 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8d-alt4
2007-10-10 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8d-alt4
2007-10-10 00:00:00
osv
osv
openssl - arbitrary code execution
2007-10-02 00:00:00
openssl096
2006-10-10 00:00:00
openssl
2006-09-28 00:00:00
debian
debian
[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution
2007-10-02 20:06:48
[SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution
2007-10-10 17:59:21
[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution
2007-10-02 20:06:48
openssl
openssl
Vulnerability in OpenSSL CVE-2007-5135
2007-10-12 00:00:00
Vulnerability in OpenSSL CVE-2006-3738
2006-09-28 00:00:00
debiancve
debiancve
CVE-2006-3738
2006-09-28 18:07:00
redhat
redhat
(RHSA-2007:0813) Moderate: openssl security update
2007-10-22 00:00:00
(RHSA-2007:1003) Moderate: openssl security and bug fix update
2007-11-15 00:00:00
(RHSA-2007:0964) Important: openssl security update
2007-10-12 00:00:00
oraclelinux
oraclelinux
openssl security and bug fix update
2007-11-27 00:00:00
Moderate: openssl security update
2007-10-22 00:00:00
Important: openssl security update
2007-10-12 00:00:00
centos
centos
openssl security update
2007-11-15 15:53:13
openssl security update
2007-10-23 23:23:09
openssl security update
2007-10-22 12:29:21
fedora
fedora
[SECURITY] Fedora Core 6 Update: openssl-0.9.8b-15.fc6
2007-10-15 20:05:56
[SECURITY] Fedora 7 Update: openssl-0.9.8b-15.fc7
2007-10-18 02:26:18
ubuntu
ubuntu
openssl vulnerabilities
2007-09-28 00:00:00
openssl vulnerabilities
2006-09-29 00:00:00
securityvulns
securityvulns
suse
suse
remote denial of service in openssl
2006-09-28 16:40:53
slackware
slackware
[slackware-security] openssl
2006-09-29 07:57:13
vmware
vmware
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
freebsd
freebsd
OpenSSL -- Multiple problems in crypto(3)
2006-09-28 00:00:00
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.964 High
EPSS
Percentile
99.6%
Related for DEBIANCVE:CVE-2007-5135