Lucene search
UbuntuUSN-522-1HistorySep 28, 2007 - 12:00 a.m.
openssl vulnerabilities
2007-09-2800:00:00
ubuntu.com
53
9.1 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.576 Medium
EPSS
Percentile
97.7%
Releases
- Ubuntu 7.04
- Ubuntu 6.10
- Ubuntu 6.06
Packages
- openssl -
Details
It was discovered that OpenSSL did not correctly perform Montgomery
multiplications. Local attackers might be able to reconstruct RSA
private keys by examining another user’s OpenSSL processes. (CVE-2007-3108)
Moritz Jodeit discovered that OpenSSL’s SSL_get_shared_ciphers function
did not correctly check the size of the buffer it was writing to.
A remote attacker could exploit this to write one NULL byte past the end of
an application’s cipher list buffer, possibly leading to arbitrary code
execution or a denial of service. (CVE-2007-5135)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 7.04 | noarch | libssl0.9.8 | < 0.9.8c-4ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libcrypto0.9.8-udeb | < 0.9.8c-4ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libssl-dev | < 0.9.8c-4ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | libssl0.9.8-dbg | < 0.9.8c-4ubuntu0.1 | UNKNOWN |
| Ubuntu | 7.04 | noarch | openssl | < 0.9.8c-4ubuntu0.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libssl0.9.8 | < 0.9.8b-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libcrypto0.9.8-udeb | < 0.9.8b-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libssl-dev | < 0.9.8b-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | libssl0.9.8-dbg | < 0.9.8b-2ubuntu2.1 | UNKNOWN |
| Ubuntu | 6.10 | noarch | openssl | < 0.9.8b-2ubuntu2.1 | UNKNOWN |
Related
redhat
redhat
(RHSA-2007:0813) Moderate: openssl security update
2007-10-22 00:00:00
(RHSA-2007:1003) Moderate: openssl security and bug fix update
2007-11-15 00:00:00
(RHSA-2007:0964) Important: openssl security update
2007-10-12 00:00:00
nessus
nessus
Scientific Linux Security Update : openssl on SL4.x i386/x86_64
2012-08-01 00:00:00
CentOS 3 : openssl (CESA-2007:0813)
2007-10-25 00:00:00
RHEL 2.1 / 3 : openssl (RHSA-2007:0813)
2007-10-25 00:00:00
oraclelinux
oraclelinux
Moderate: openssl security update
2007-10-22 00:00:00
openssl security and bug fix update
2007-11-27 00:00:00
Important: openssl security update
2007-10-12 00:00:00
openvas
openvas
Ubuntu Update for openssl vulnerabilities USN-522-1
2009-03-23 00:00:00
Mandriva Update for openssl MDKSA-2007:193 (openssl)
2009-04-09 00:00:00
Mandriva Update for openssl MDKSA-2007:193 (openssl)
2009-04-09 00:00:00
centos
centos
openssl security update
2007-10-22 12:29:21
openssl security update
2007-10-23 23:23:09
openssl security update
2007-11-15 15:53:13
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2007-10-07 00:00:00
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: openssl-0.9.8b-15.fc7
2007-10-18 02:26:18
[SECURITY] Fedora 7 Update: openssl-0.9.8b-14.fc7
2007-08-06 17:57:54
[SECURITY] Fedora Core 6 Update: openssl-0.9.8b-14.fc6
2007-08-13 21:49:38
checkpoint_security
checkpoint_security
OpenSSLVulnerability CVE-2007-5135 on IPSO 4.2
2008-08-04 21:00:00
Check Point response to OpenSSL vulnerability CVE-2007-3108
2007-10-16 22:00:00
Check Point response to OpenSSL vulnerability CVE-2007-5135
2007-10-15 22:00:00
osv
osv
openssl - arbitrary code execution
2007-10-02 00:00:00
openssl - predictable random number generator
2008-05-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.8d-alt4
2007-10-10 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8d-alt4
2007-10-10 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8d-alt3
2007-08-07 00:00:00
debian
debian
[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution
2007-10-02 20:06:48
[SECURITY] [DSA 1379-1] New openssl packages fix arbitrary code execution
2007-10-02 20:06:48
[SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution
2007-10-10 17:59:21
securityvulns
securityvulns
rPSA-2007-0155-1 openssl openssl-scripts
2007-08-13 00:00:00
OpenSSL cryptographic vulnerability
2007-08-13 00:00:00
prion
prion
Design/Logic Flaw
2007-08-08 01:17:00
Buffer overflow
2007-09-27 20:17:00
vmware
vmware
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated ESX packages for OpenSSL, net-snmp, perl
2008-08-12 00:00:00
Updated service console patches.
2008-01-07 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2007-5135
2007-10-12 00:00:00
cve
cve
CVE-2007-3108
2007-08-08 01:17:00
CVE-2007-5135
2007-09-27 20:17:00
seebug
seebug
OpenSSL本地密钥信息泄露漏洞
2007-08-03 00:00:00
debiancve
debiancve
CVE-2007-3108
2007-08-08 01:17:00
CVE-2007-5135
2007-09-27 20:17:00
f5
f5
SOL8108 - OpenSSL vulnerability CVE-2007-3108
2007-11-18 00:00:00
K8108 : OpenSSL vulnerability CVE-2007-3108
2013-03-18 00:00:00
SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135
2007-11-15 00:00:00
ubuntucve
ubuntucve
CVE-2007-3108
2007-08-07 00:00:00
CVE-2007-5135
2007-09-27 00:00:00
cert
cert
RSA key reconstruction vulnerability
2007-08-01 00:00:00
checkpoint_advisories
checkpoint_advisories
freebsd_advisory
freebsd_advisory
FreeBSD-SA-07:08.openssl
2007-10-03 00:00:00
lenovo
lenovo
Intel® PROSet/Wireless WiFi Software Vulnerabilities - Lenovo Support US
2018-11-13 17:10:51
Intel® PROSet/Wireless WiFi Software Vulnerabilities - US
2018-11-13 17:10:51
9.1 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.576 Medium
EPSS
Percentile
97.7%
Related for USN-522-1