OpenSSL vulnerability

2007-10-2200:00:00

ubuntu.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.9 High

AI Score

Confidence

High

0.177 Low

EPSS

Percentile

96.2%

JSON

Releases

Ubuntu 7.10
Ubuntu 7.04
Ubuntu 6.10
Ubuntu 6.06

Packages

openssl -

Details

Andy Polyakov discovered that the DTLS implementation in OpenSSL
was vulnerable. A remote attacker could send a specially crafted
connection request to services using DTLS and execute arbitrary code
with the service’s privileges. There are no known Ubuntu applications
that are currently using DTLS.

OSVersionArchitecturePackageVersionFilename
Ubuntu7.10noarchlibssl0.9.8< 0.9.8e-5ubuntu3.1UNKNOWN
Ubuntu7.10noarchlibcrypto0.9.8-udeb< 0.9.8e-5ubuntu3.1UNKNOWN
Ubuntu7.10noarchlibssl-dev< 0.9.8e-5ubuntu3.1UNKNOWN
Ubuntu7.10noarchlibssl0.9.8-dbg< 0.9.8e-5ubuntu3.1UNKNOWN
Ubuntu7.10noarchopenssl< 0.9.8e-5ubuntu3.1UNKNOWN
Ubuntu7.04noarchlibssl0.9.8< 0.9.8c-4ubuntu0.2UNKNOWN
Ubuntu7.04noarchlibcrypto0.9.8-udeb< 0.9.8c-4ubuntu0.2UNKNOWN
Ubuntu7.04noarchlibssl-dev< 0.9.8c-4ubuntu0.2UNKNOWN
Ubuntu7.04noarchlibssl0.9.8-dbg< 0.9.8c-4ubuntu0.2UNKNOWN
Ubuntu7.04noarchopenssl< 0.9.8c-4ubuntu0.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	7.10	noarch	libssl0.9.8	< 0.9.8e-5ubuntu3.1	UNKNOWN
Ubuntu	7.10	noarch	libcrypto0.9.8-udeb	< 0.9.8e-5ubuntu3.1	UNKNOWN
Ubuntu	7.10	noarch	libssl-dev	< 0.9.8e-5ubuntu3.1	UNKNOWN
Ubuntu	7.10	noarch	libssl0.9.8-dbg	< 0.9.8e-5ubuntu3.1	UNKNOWN
Ubuntu	7.10	noarch	openssl	< 0.9.8e-5ubuntu3.1	UNKNOWN
Ubuntu	7.04	noarch	libssl0.9.8	< 0.9.8c-4ubuntu0.2	UNKNOWN
Ubuntu	7.04	noarch	libcrypto0.9.8-udeb	< 0.9.8c-4ubuntu0.2	UNKNOWN
Ubuntu	7.04	noarch	libssl-dev	< 0.9.8c-4ubuntu0.2	UNKNOWN
Ubuntu	7.04	noarch	libssl0.9.8-dbg	< 0.9.8c-4ubuntu0.2	UNKNOWN
Ubuntu	7.04	noarch	openssl	< 0.9.8c-4ubuntu0.2	UNKNOWN