Oracle: Security Advisory (ELSA-2007-0964)
The remote host is missing an update for the...
Scientific Linux Security Update : openssl on SL4.x i386/x86_64
A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer by a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when applicatio...
Scientific Linux Security Update : openssl on SL3.x i386/x86_64
A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte (CVE-2007-5135). Few applications make use of this vulnerable function and generally it is used only when...
Mandriva Update for openssl MDKSA-2007:193 (openssl)
Check for the version of openssl. OpenVAS Vulnerability Test: Mandriva Update for openssl MDKSA-2007:193 (openssl). Authors: System Generated Check. Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it unde...
Ubuntu Update for openssl vulnerabilities USN-522-1
Ubuntu Update for Linux kernel vulnerabilities USN-522-1. OpenVAS Vulnerability Test. $Id: gbubuntuUSN5221.nasl 7969 2017-12-01 09:23:16Z santu $. Ubuntu Update for openssl vulnerabilities USN-522-1. Authors: System Generated Check. Copyright (c) 2009 Greenbone Networks GmbH,...
SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 5055)
This update of openssl fixes an off-by-one buffer overflow in function SSL_get_shared_ciphers(). This vulnerability potentially allows remote code execution, depending on memory layout of the process. (CVE-2007-5135) We released updates for openssl already, but an update for the compat 0.9.7g openssl...
OpenSSL SSL_get_shared_ciphers Function Off-by-one Buffer Overflow (CVE-2006-3738; CVE-2007-5135)
OpenSSL is an open-source implementation of the SSL protocol. The OpenSSL core library provides various utility functions. A buffer overflow vulnerability has been reported in the OpenSSL library. The vulnerability is due to an error in the OpenSSL SSL_get_shared_ciphers function that fails to...
SuSE 10 Security Update : compat-openssl097g (ZYPP Patch Number 2163)
A buffer overflow condition within the SSL_get_shared_ciphers() function and a DoS condition known as 'parasitic public keys' have been fixed. The latter problem allowed attackers to trick the OpenSSL engine to spend an extraordinary amount of time to process public keys. The following CAN numbers have...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 4477)
This update of openssl fixes an off-by-one buffer overflow in function SSL_get_shared_ciphers(). This vulnerability potentially allows remote code execution, depending on memory layout of the process. (CVE-2007-5135)
Fedora Core 6 : openssl-0.9.8b-15.fc6 (2007-725)
Fri Oct 12 2007 Tomas Mraz 0.9.8b-15: fix CVE-2007-5135 - off-by-one in SSL_get_shared_ciphers (#309801); fix CVE-2007-4995 - out of order DTLS fragments buffer overflow (#321191). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory...
Important: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages that correct several security issues are now available for Red Hat Enterprise 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer...
Vulnerability in OpenSSL CVE-2007-5135
A flaw was found in the SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer with a single byte. Few applications make use of this vulnerable function and generally it is used only when applications are...
[SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution
Debian Security Advisory DSA-1379-2, http://www.debian.org/security/, Noah Meyerhans, October 10, 2007. Package: openssl097,...
Security fix for the ALT Linux 8 package openssl10 version 0.9.8d-alt4
Oct. 10, 2007 Dmitry V. Levin 0.9.8d-alt4 - Backported upstream fix for off-by-one bug in the SSL_get_shared_ciphers() function (CVE-2007-5135)...
Security fix for the ALT Linux 9 package openssl10 version 0.9.8d-alt4
Oct. 10, 2007 Dmitry V. Levin 0.9.8d-alt4 - Backported upstream fix for off-by-one bug in the SSL_get_shared_ciphers() function (CVE-2007-5135)...
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8d-alt4
Oct. 10, 2007 Dmitry V. Levin 0.9.8d-alt4 - Backported upstream fix for off-by-one bug in the SSL_get_shared_ciphers() function (CVE-2007-5135)...
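OpenSSL SSL_Get_Shared_Ciphers Single-Byte Buffer Overflow Vulnerability
OpenSSL is an open-source implementation of the SSL v2/v3 and TLS v1 protocols. The SSL_get_shared_ciphers() function included in OpenSSL contains a buffer overflow; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application process. The problem is in the following code (ssl/ssl_lib.c): p=buf; sk=s->session->ciphers; for (i=0; i<sk_SSL_CIPHER_num(sk); i++) { /* Decrement for either the ':' or a '\0' */ len--; [4] c=sk_SSL_CIPHER_value(sk,i); for (cp=c->name; *cp; ) { if (len-- <= 0)...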
USN-522-1: openssl vulnerabilities
It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. (CVE-2007-3108) Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly...
OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow. Copyright (c) 2007 Moritz Jodeit, 2007/09/27. Application details: OpenSSL is a widely used open...