CVE-2007-5135

Severity

68%

Complexity

86%

Confidentiality

106%

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

OpenSSL Project OpenSSL

First reported 17 years ago

2007-09-27 20:17:00

Last updated 6 years ago

2018-10-15 21:40:00

Affected Software

OpenSSL Project OpenSSL 0.9.7

0.9.7

OpenSSL Project OpenSSL 0.9.7 beta1

0.9.7

OpenSSL Project OpenSSL 0.9.7 beta2

0.9.7

OpenSSL Project OpenSSL 0.9.7 beta3

0.9.7

OpenSSL Project OpenSSL 0.9.7 Beta4

0.9.7

OpenSSL Project OpenSSL 0.9.7 Beta5

0.9.7

OpenSSL Project OpenSSL 0.9.7 Beta6

0.9.7

OpenSSL Project OpenSSL 0.9.7a

0.9.7a

OpenSSL Project OpenSSL 0.9.7b

0.9.7b

OpenSSL Project OpenSSL 0.9.7c

0.9.7c

OpenSSL Project OpenSSL 0.9.7d

0.9.7d

OpenSSL Project OpenSSL 0.9.7e

0.9.7e

OpenSSL Project OpenSSL 0.9.7f

0.9.7f

OpenSSL Project OpenSSL 0.9.7g

0.9.7g

OpenSSL Project OpenSSL 0.9.7h

0.9.7h

OpenSSL Project OpenSSL 0.9.7i

0.9.7i

OpenSSL Project OpenSSL 0.9.7j

0.9.7j

OpenSSL Project OpenSSL 0.9.7k

0.9.7k

OpenSSL Project OpenSSL 0.9.7l

0.9.7l

OpenSSL Project OpenSSL 0.9.8

0.9.8

OpenSSL Project OpenSSL 0.9.8a

0.9.8a

OpenSSL Project OpenSSL 0.9.8b

0.9.8b

OpenSSL Project OpenSSL 0.9.8c

0.9.8c

OpenSSL Project OpenSSL 0.9.8d

0.9.8d

OpenSSL Project OpenSSL 0.9.8e

0.9.8e

OpenSSL Project OpenSSL 0.9.8f

0.9.8f

References

NetBSD-SA2008-007

APPLE-SA-2008-07-31

SUSE-SR:2008:005

[Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

22130

Vendor Advisory

27012

Vendor Advisory

27021

Vendor Advisory

27031

Vendor Advisory

27051

Vendor Advisory

27078

Vendor Advisory

27097

Vendor Advisory

27186

Vendor Advisory

27205

Vendor Advisory

27217

Vendor Advisory

27229

Vendor Advisory

27330

Vendor Advisory

27394

Vendor Advisory

27851

Vendor Advisory

27870

Vendor Advisory

27961

Vendor Advisory

28368

Vendor Advisory

29242

30124

30161

31308

31326

31467

31489

FreeBSD-SA-07:08

GLSA-200710-06

3179

103130

200858

http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm

http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241

DSA-1379

GLSA-200805-07

MDKSA-2007:193

SUSE-SR:2007:020

[4.0] 017: SECURITY FIX: October 10, 2007

[4.1] 011: SECURITY FIX: October 10, 2007

[4.2] 002: SECURITY FIX: October 10, 2007

http://www.openssl.org/news/secadv_20071012.txt

RHSA-2007:0813

Vendor Advisory

RHSA-2007:0964

Vendor Advisory

RHSA-2007:1003

Vendor Advisory

20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

20071003 FLEA-2007-0058-1 openssl openssl-scripts

20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow

HPSBUX02292

20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

25831

1018755

http://www.vmware.com/security/advisories/VMSA-2008-0001.html

http://www.vmware.com/security/advisories/VMSA-2008-0013.html

ADV-2007-3325

ADV-2007-3625

ADV-2007-4042

ADV-2007-4144

ADV-2008-0064

ADV-2008-2268

ADV-2008-2361

ADV-2008-2362

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038

https://bugs.gentoo.org/show_bug.cgi?id=194039

openssl-sslgetshared-bo(36837)

https://issues.rpath.com/browse/RPL-1769

https://issues.rpath.com/browse/RPL-1770

oval:org.mitre.oval:def:10904

oval:org.mitre.oval:def:5337

USN-522-1

FEDORA-2007-725

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.