Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:2297
HistoryOct 15, 2007 - 12:00 a.m.

OpenSSL DTLS远程堆溢出漏洞

2007-10-1500:00:00
Root
www.seebug.org
36

0.115 Low

EPSS

Percentile

94.7%

JSON

BUGTRAQ ID: 26055
CVE(CAN) ID: CVE-2007-4995

OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。

OpenSSL的DTLS支持中存在漏洞,攻击者可以创建能够触发堆溢出的恶意客户端或服务器,导致执行任意指令。

请注意这个漏洞仅影响使用DTLS的应用程序。

OpenSSL Project OpenSSL 0.9.8f
OpenSSL Project OpenSSL 0.9.8
RedHat Linux 5.0
OpenSSL Project

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://www.openssl.org/source/openssl-0.9.8f.tar.gz” target=“_blank”>http://www.openssl.org/source/openssl-0.9.8f.tar.gz</a>

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2007:0964-01)以及相应补丁:
RHSA-2007:0964-01:Important: openssl security update
链接:<a href=“https://www.redhat.com/support/errata/RHSA-2007-0964.html” target=“_blank”>https://www.redhat.com/support/errata/RHSA-2007-0964.html</a>

Related

nessus 17
openvas 21
prion 1
debiancve 1
f5 2
cve 1
gentoo 2
ubuntucve 1
checkpoint_security 1
ubuntu 1
securityvulns 2
openssl 1
fedora 2
redhat 1
oraclelinux 4
osv 1
debian 1
centos 1
lenovo 2
nessus
nessus
openSUSE 10 Security Update : libopenssl-devel (libopenssl-devel-4560)
2007-10-24 00:00:00
Mandrake Linux Security Advisory : openssl (MDKSA-2007:237)
2007-12-07 00:00:00
GLSA-200710-30 : OpenSSL: Remote execution of arbitrary code
2007-10-31 00:00:00
openvas
openvas
Ubuntu Update for openssl vulnerability USN-534-1
2009-03-23 00:00:00
Gentoo Security Advisory GLSA 200710-30 (openssl)
2008-09-24 00:00:00
Ubuntu: Security Advisory (USN-534-1)
2009-03-23 00:00:00
prion
prion
Code injection
2007-10-13 01:17:00
debiancve
debiancve
CVE-2007-4995
2007-10-13 01:17:00
f5
f5
SOL8837 - OpenSSL DTLS off-by-one error - CVE-2007-4995
2008-06-17 00:00:00
K8837 : OpenSSL DTLS off-by-one error - CVE-2007-4995
2013-03-18 00:00:00
cve
cve
CVE-2007-4995
2007-10-13 01:17:00
gentoo
gentoo
OpenSSL: Remote execution of arbitrary code
2007-10-27 00:00:00
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00
ubuntucve
ubuntucve
CVE-2007-4995
2007-10-12 00:00:00
checkpoint_security
checkpoint_security
OpenSSL Vulnerability CVE-2007-4995
2007-10-16 22:00:00
ubuntu
ubuntu
OpenSSL vulnerability
2007-10-22 00:00:00
securityvulns
securityvulns
OpenSSL DTLS code execution
2007-10-13 00:00:00
Mozilla/5.0 &#40;Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3&#41; Gecko/20070326 Thunderbird/2.0.0.0 Mnenhy/0.7.4.0
2007-10-13 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2007-4995
2007-10-12 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: openssl-0.9.8b-15.fc6
2007-10-15 20:05:56
[SECURITY] Fedora 7 Update: openssl-0.9.8b-15.fc7
2007-10-18 02:26:18
redhat
redhat
(RHSA-2007:0964) Important: openssl security update
2007-10-12 00:00:00
oraclelinux
oraclelinux
Important: openssl security update
2007-10-12 00:00:00
openssl-fips security update
2015-04-02 00:00:00
openssl security update
2019-03-13 00:00:00
osv
osv
openssl - predictable random number generator
2008-05-13 00:00:00
debian
debian
[SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
2008-05-13 12:06:39
centos
centos
openssl security update
2007-10-18 00:46:44
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51

0.115 Low

EPSS

Percentile

94.7%

JSON
Related for SSV:2297
nessus17openvas21prion1debiancve1f52cve1gentoo2ubuntucve1checkpoint_security1ubuntu1securityvulns2openssl1fedora2redhat1oraclelinux4osv1debian1centos1lenovo2