GoogleOSV:DSA-1379-1

HistoryOct 02, 2007 - 12:00 a.m.

openssl - arbitrary code execution

Vulners
Osv
openssl - arbitrary code execution

2007-10-0200:00:00

Google

osv.dev

0.58 Medium

EPSS

Percentile

97.7%

JSON

An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL’s libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application.

For the old stable distribution (sarge), this problem has been fixed in version
0.9.7e-3sarge5.

For the stable distribution (etch), this problem has been fixed in
version 0.9.8c-4etch1.

For the unstable and testing distributions (sid and lenny, respectively),
this problem has been fixed in version 0.9.8e-9.

We recommend that you upgrade your openssl packages.

CPENameOperatorVersion
openssl097eq0.9.7k-3.1

CPE	Name	Operator	Version
	openssl097	eq	0.9.7k-3.1

References

www.debian.org/security/2007/dsa-1379

nessus 42

openvas 35

debian 4

checkpoint_security 2

altlinux 3

openssl 1

redhat 3

cvelist 1

oraclelinux 6

centos 4

ubuntu 1

fedora 2

ubuntucve 1

cve 1

securityvulns 2

prion 1

nvd 1

checkpoint_advisories 1

debiancve 1

freebsd_advisory 1

gentoo 2

f5 2

vmware 4

lenovo 2

nessus

SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 5055)

2008-03-07 00:00:00

OpenSSL < 0.9.7m / 0.9.8e Buffer Overflow (deprecated)

2012-01-04 00:00:00

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 4477)

2007-12-13 00:00:00

openvas

FreeBSD Security Advisory (FreeBSD-SA-07:08.openssl.asc)

2008-09-04 00:00:00

SLES9: Security update for OpenSSL

2009-10-10 00:00:00

SLES10: Security update for compat-openssl097g

2009-10-13 00:00:00

debian

[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution

2007-10-02 20:06:48

[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution

2007-10-02 20:06:48

[SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution

2007-10-10 17:59:21

checkpoint_security

OpenSSLVulnerability CVE-2007-5135 on IPSO 4.2

2008-08-04 21:00:00

Check Point response to OpenSSL vulnerability CVE-2007-5135

2007-10-15 22:00:00

altlinux

Security fix for the ALT Linux 8 package openssl10 version 0.9.8d-alt4

2007-10-10 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 0.9.8d-alt4

2007-10-10 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8d-alt4

2007-10-10 00:00:00

openssl

Vulnerability in OpenSSL CVE-2007-5135

2007-10-12 00:00:00

redhat

(RHSA-2007:0813) Moderate: openssl security update

2007-10-22 00:00:00

(RHSA-2007:1003) Moderate: openssl security and bug fix update

2007-11-15 00:00:00

(RHSA-2007:0964) Important: openssl security update

2007-10-12 00:00:00

cvelist

CVE-2007-5135

2007-09-27 20:00:00

oraclelinux

openssl security and bug fix update

2007-11-27 00:00:00

Moderate: openssl security update

2007-10-22 00:00:00

Important: openssl security update

2007-10-12 00:00:00

centos

openssl security update

2007-11-15 15:53:13

openssl security update

2007-10-23 23:23:09

openssl security update

2007-10-22 12:29:21

ubuntu

openssl vulnerabilities

2007-09-28 00:00:00

fedora

[SECURITY] Fedora Core 6 Update: openssl-0.9.8b-15.fc6

2007-10-15 20:05:56

[SECURITY] Fedora 7 Update: openssl-0.9.8b-15.fc7

2007-10-18 02:26:18

ubuntucve

CVE-2007-5135

2007-09-27 00:00:00

cve

CVE-2007-5135

2007-09-27 20:17:00

securityvulns

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.4.0

2007-10-13 00:00:00

VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

2008-01-08 00:00:00

prion

Buffer overflow

2007-09-27 20:17:00

nvd

CVE-2007-5135

2007-09-27 20:17:00

checkpoint_advisories

OpenSSL SSL_get_shared_ciphers Function Off-by-one Buffer Overflow (CVE-2006-3738; CVE-2007-5135)

2008-01-20 00:00:00

debiancve

CVE-2007-5135

2007-09-27 20:17:00

freebsd_advisory

FreeBSD-SA-07:08.openssl

2007-10-03 00:00:00

gentoo

OpenSSL: Multiple vulnerabilities

2007-10-07 00:00:00

AMD64 x86 emulation base libraries: Multiple vulnerabilities

2014-12-12 00:00:00

SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

2007-11-15 00:00:00

K8106 : OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

2013-03-27 00:00:00

vmware

Updated ESX packages for OpenSSL, net-snmp, perl

2008-08-12 00:00:00

Updated ESX packages for OpenSSL, net-snmp, perl

2008-08-12 00:00:00

Updated service console patches.

2008-01-07 00:00:00

lenovo

Intel® PROSet/Wireless WiFi Software Vulnerabilities - US

2018-11-13 17:10:51

Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US

2018-11-13 17:10:51

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

openssl - arbitrary code execution

References

Related