Lucene search
Copyright (C) 2008 Greenbone AGOPENVAS:136141256231058645HistoryJan 17, 2008 - 12:00 a.m.
Debian: Security Advisory (DSA-1379-1)
2008-01-1700:00:00
Copyright (C) 2008 Greenbone AG
plugins.openvas.org
The remote host is missing an update for the Debian
# SPDX-FileCopyrightText: 2008 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.58645");
script_cve_id("CVE-2007-5135");
script_tag(name:"creation_date", value:"2008-01-17 22:19:52 +0000 (Thu, 17 Jan 2008)");
script_version("2024-02-01T14:37:10+0000");
script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_name("Debian: Security Advisory (DSA-1379-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 Greenbone AG");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB(3\.1|4)");
script_xref(name:"Advisory-ID", value:"DSA-1379-1");
script_xref(name:"URL", value:"https://www.debian.org/security/2007/DSA-1379-1");
script_xref(name:"URL", value:"https://security-tracker.debian.org/tracker/DSA-1379");
script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'openssl, openssl096, openssl097' package(s) announced via the DSA-1379-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application.
For the old stable distribution (sarge), this problem has been fixed in version 0.9.7e-3sarge5.
For the stable distribution (etch), this problem has been fixed in version 0.9.8c-4etch1.
For the unstable and testing distributions (sid and lenny, respectively), this problem has been fixed in version 0.9.8e-9.
We recommend that you upgrade your openssl packages.");
script_tag(name:"affected", value:"'openssl, openssl096, openssl097' package(s) on Debian 3.1, Debian 4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "DEB3.1") {
if(!isnull(res = isdpkgvuln(pkg:"libcrypto0.9.7-udeb", ver:"0.9.7e-3sarge5", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libssl-dev", ver:"0.9.7e-3sarge5", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.6", ver:"0.9.6m-1sarge5", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.7", ver:"0.9.7e-3sarge5", rls:"DEB3.1"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openssl", ver:"0.9.7e-3sarge5", rls:"DEB3.1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "DEB4") {
if(!isnull(res = isdpkgvuln(pkg:"libcrypto0.9.8-udeb", ver:"0.9.8c-4etch1", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libssl-dev", ver:"0.9.8c-4etch1", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.7", ver:"0.9.7k-3.1etch1", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.7-dbg", ver:"0.9.7k-3.1etch1", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.8", ver:"0.9.8c-4etch1", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"libssl0.9.8-dbg", ver:"0.9.8c-4etch1", rls:"DEB4"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"openssl", ver:"0.9.8c-4etch1", rls:"DEB4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
checkpoint_security
checkpoint_security
OpenSSLVulnerability CVE-2007-5135 on IPSO 4.2
2008-08-04 21:00:00
Check Point response to OpenSSL vulnerability CVE-2007-5135
2007-10-15 22:00:00
openvas
openvas
FreeBSD Security Advisory (FreeBSD-SA-07:08.openssl.asc)
2008-09-04 00:00:00
HP-UX Update for Apache HPSBUX02292
2009-05-05 00:00:00
SLES9: Security update for OpenSSL
2009-10-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8d-alt4
2007-10-10 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8d-alt4
2007-10-10 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8d-alt4
2007-10-10 00:00:00
osv
osv
openssl - arbitrary code execution
2007-10-02 00:00:00
nessus
nessus
OpenSSL < 0.9.7m / 0.9.8e Buffer Overflow (deprecated)
2012-01-04 00:00:00
SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 5055)
2008-03-07 00:00:00
openSUSE 10 Security Update : compat-openssl097g (compat-openssl097g-5054)
2008-03-07 00:00:00
debian
debian
[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution
2007-10-02 20:06:48
[SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution
2007-10-10 17:59:21
[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution
2007-10-02 20:06:48
cve
cve
CVE-2007-5135
2007-09-27 20:17:00
openssl
openssl
Vulnerability in OpenSSL CVE-2007-5135
2007-10-12 00:00:00
cvelist
cvelist
CVE-2007-5135
2007-09-27 20:00:00
redhat
redhat
(RHSA-2007:0813) Moderate: openssl security update
2007-10-22 00:00:00
(RHSA-2007:1003) Moderate: openssl security and bug fix update
2007-11-15 00:00:00
(RHSA-2007:0964) Important: openssl security update
2007-10-12 00:00:00
securityvulns
securityvulns
prion
prion
Buffer overflow
2007-09-27 20:17:00
oraclelinux
oraclelinux
Moderate: openssl security update
2007-10-22 00:00:00
openssl security and bug fix update
2007-11-27 00:00:00
Important: openssl security update
2007-10-12 00:00:00
centos
centos
openssl security update
2007-10-22 12:29:21
openssl security update
2007-11-15 15:53:13
openssl security update
2007-10-23 23:23:09
fedora
fedora
[SECURITY] Fedora Core 6 Update: openssl-0.9.8b-15.fc6
2007-10-15 20:05:56
[SECURITY] Fedora 7 Update: openssl-0.9.8b-15.fc7
2007-10-18 02:26:18
ubuntucve
ubuntucve
CVE-2007-5135
2007-09-27 00:00:00
ubuntu
ubuntu
openssl vulnerabilities
2007-09-28 00:00:00
checkpoint_advisories
checkpoint_advisories
freebsd_advisory
freebsd_advisory
FreeBSD-SA-07:08.openssl
2007-10-03 00:00:00
debiancve
debiancve
CVE-2007-5135
2007-09-27 20:17:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2007-10-07 00:00:00
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00
f5
f5
SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135
2007-11-15 00:00:00
K8106 : OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135
2013-03-27 00:00:00
vmware
vmware
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated service console patches.
2008-01-07 00:00:00
lenovo
lenovo
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intelยฎ PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
8.8 High
AI Score
Confidence
High
0.61 Medium
EPSS
Percentile
97.8%
Related for OPENVAS:136141256231058645