Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication.

Impact

A remote attacker sending a specially crafted packet to an application relying on OpenSSL could possibly execute arbitrary code with the privileges of the user running the application. A local attacker could perform a side channel attack to retrieve the RSA private keys.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=dev-libs/openssl-0.9.8e-r3"

OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-libs/openssl< 0.9.8e-r3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	dev-libs/openssl	< 0.9.8e-r3	UNKNOWN

nessus 58

openvas 60

redhat 4

oraclelinux 3

centos 6

ubuntu 2

ubuntucve 3

prion 2

cve 3

checkpoint_advisories 1

debiancve 3

freebsd_advisory 2

fedora 4

f5 6

checkpoint_security 4

osv 4

altlinux 9

debian 8

securityvulns 4

vmware 4

seebug 1

openssl 2

cert 1

gentoo 2

slackware 1

suse 1

freebsd 1

nessus

Mandrake Linux Security Advisory : openssl (MDKSA-2007:193)

2007-10-09 00:00:00

GLSA-200710-06 : OpenSSL: Multiple vulnerabilities

2007-10-09 00:00:00

Scientific Linux Security Update : openssl on SL4.x i386/x86_64

2012-08-01 00:00:00

openvas

Gentoo Security Advisory GLSA 200710-06 (openssl)

2008-09-24 00:00:00

Gentoo Security Advisory GLSA 200710-06 (openssl)

2008-09-24 00:00:00

Mandriva Update for openssl MDKSA-2007:193 (openssl)

2009-04-09 00:00:00

redhat

(RHSA-2007:0813) Moderate: openssl security update

2007-10-22 00:00:00

(RHSA-2007:1003) Moderate: openssl security and bug fix update

2007-11-15 00:00:00

(RHSA-2007:0964) Important: openssl security update

2007-10-12 00:00:00

oraclelinux

openssl security and bug fix update

2007-11-27 00:00:00

Moderate: openssl security update

2007-10-22 00:00:00

Important: openssl security update

2007-10-12 00:00:00

centos

openssl security update

2007-11-15 15:53:13

openssl security update

2007-10-23 23:23:09

openssl security update

2007-10-22 12:29:21

ubuntu

openssl vulnerabilities

2007-09-28 00:00:00

openssl vulnerabilities

2006-09-29 00:00:00

ubuntucve

CVE-2007-5135

2007-09-27 00:00:00

CVE-2007-3108

2007-08-07 00:00:00

CVE-2006-3738

2006-09-28 00:00:00

prion

Buffer overflow

2007-09-27 20:17:00

Design/Logic Flaw

2007-08-08 01:17:00

cve

CVE-2007-5135

2007-09-27 20:17:00

CVE-2007-3108

2007-08-08 01:17:00

CVE-2006-3738

2006-09-28 18:07:00

checkpoint_advisories

OpenSSL SSL_get_shared_ciphers Function Off-by-one Buffer Overflow (CVE-2006-3738; CVE-2007-5135)

2008-01-20 00:00:00

debiancve

CVE-2007-5135

2007-09-27 20:17:00

CVE-2007-3108

2007-08-08 01:17:00

CVE-2006-3738

2006-09-28 18:07:00

freebsd_advisory

FreeBSD-SA-07:08.openssl

2007-10-03 00:00:00

FreeBSD-SA-06:23.openssl

2006-09-28 00:00:00

fedora

[SECURITY] Fedora 7 Update: openssl-0.9.8b-15.fc7

2007-10-18 02:26:18

[SECURITY] Fedora 7 Update: openssl-0.9.8b-14.fc7

2007-08-06 17:57:54

[SECURITY] Fedora Core 6 Update: openssl-0.9.8b-14.fc6

2007-08-13 21:49:38

SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

2007-11-15 00:00:00

K8106 : OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

2013-03-27 00:00:00

K8108 : OpenSSL vulnerability CVE-2007-3108

2013-03-18 00:00:00

checkpoint_security

OpenSSLVulnerability CVE-2007-5135 on IPSO 4.2

2008-08-04 21:00:00

Check Point response to OpenSSL vulnerability CVE-2007-3108

2007-10-16 22:00:00

Check Point response to OpenSSL vulnerability CVE-2007-5135

2007-10-15 22:00:00

osv

openssl - arbitrary code execution

2007-10-02 00:00:00

openssl - predictable random number generator

2008-05-13 00:00:00

openssl096

2006-10-10 00:00:00

altlinux

Security fix for the ALT Linux 8 package openssl10 version 0.9.8d-alt4

2007-10-10 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8d-alt4

2007-10-10 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 0.9.8d-alt3

2007-08-07 00:00:00

debian

[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution

2007-10-02 20:06:48

[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution

2007-10-02 20:06:48

[SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution

2007-10-10 17:59:21

securityvulns

rPSA-2007-0155-1 openssl openssl-scripts

2007-08-13 00:00:00

OpenSSL cryptographic vulnerability

2007-08-13 00:00:00

VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

2008-01-08 00:00:00

vmware

Updated ESX packages for OpenSSL, net-snmp, perl

2008-08-12 00:00:00

Updated ESX packages for OpenSSL, net-snmp, perl

2008-08-12 00:00:00

Updated service console patches.

2008-01-07 00:00:00

seebug

OpenSSL本地密钥信息泄露漏洞

2007-08-03 00:00:00

openssl

Vulnerability in OpenSSL CVE-2007-5135

2007-10-12 00:00:00

Vulnerability in OpenSSL CVE-2006-3738

2006-09-28 00:00:00

cert

RSA key reconstruction vulnerability

2007-08-01 00:00:00

gentoo

AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities

2006-12-11 00:00:00

OpenSSL: Multiple vulnerabilities

2006-10-24 00:00:00

slackware

[slackware-security] openssl

2006-09-29 07:57:13

suse

remote denial of service in openssl

2006-09-28 16:40:53

freebsd

OpenSSL -- Multiple problems in crypto(3)

2006-09-28 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.964 High

EPSS

Percentile

99.6%

JSON

Related for GLSA-200710-06