Executive Summary

Informations
NameCVE-2007-5135First vendor Publication2007-09-27
VendorCveLast vendor Modification2011-08-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Security Protection

ImpactsProvides unauthorized access : Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135

CWE : Common Weakness Enumeration

idName
CWE-189Numeric Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5337
 
Oval ID: oval:org.mitre.oval:def:5337
Title: Security Vulnerability in Solaris 10 OpenSSL SSL_get_shared_ciphers() Function
Description: Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5135
Version: 1
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10904
 
Oval ID: oval:org.mitre.oval:def:10904
Title: Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
Description: Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5135
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22488
 
Oval ID: oval:org.mitre.oval:def:22488
Title: ELSA-2007:0964: openssl security update (Important)
Description: Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
Family: unix Class: patch
Reference(s): ELSA-2007:0964-02
CVE-2007-3108
CVE-2007-4995
CVE-2007-5135
Version: 14
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application26

OpenVAS Exploits

DateDescription
2010-05-12Name : Mac OS X Security Update 2008-005
File : nvt/macosx_secupd_2008-005.nasl
2009-11-17Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-13Name : SLES10: Security update for compat-openssl097g
File : nvt/sles10_compat-openssl01.nasl
2009-10-10Name : SLES9: Security update for OpenSSL
File : nvt/sles9p5019012.nasl
2009-06-03Name : Solaris Update for kernel 127127-11
File : nvt/gb_solaris_127127_11.nasl
2009-06-03Name : Solaris Update for kernel 127128-11
File : nvt/gb_solaris_127128_11.nasl
2009-05-05Name : HP-UX Update for Apache HPSBUX02292
File : nvt/gb_hp_ux_HPSBUX02292.nasl
2009-04-09Name : Mandriva Update for openssl MDKSA-2007:193 (openssl)
File : nvt/gb_mandriva_MDKSA_2007_193.nasl
2009-03-23Name : Ubuntu Update for openssl vulnerabilities USN-522-1
File : nvt/gb_ubuntu_USN_522_1.nasl
2009-02-27Name : Fedora Update for openssl FEDORA-2007-2530
File : nvt/gb_fedora_2007_2530_openssl_fc7.nasl
2009-02-27Name : Fedora Update for openssl FEDORA-2007-725
File : nvt/gb_fedora_2007_725_openssl_fc6.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200805-07 (ltsp)
File : nvt/glsa_200805_07.nasl
2008-09-24Name : Gentoo Security Advisory GLSA 200710-06 (openssl)
File : nvt/glsa_200710_06.nasl
2008-09-04Name : FreeBSD Security Advisory (FreeBSD-SA-07:08.openssl.asc)
File : nvt/freebsdsa_openssl5.nasl
2008-01-17Name : Debian Security Advisory DSA 1379-1 (openssl)
File : nvt/deb_1379_1.nasl
2008-01-17Name : Debian Security Advisory DSA 1379-2 (openssl097, openssl096)
File : nvt/deb_1379_2.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
29262OpenSSL SSL_get_shared_ciphers Function Unspecified Remote Overflow

Snort® IPS/IDS

DateDescription
2014-01-10SSLv2 openssl get shared ciphers overflow attempt
RuleID : 8440 - Revision : 11 - Type : IMAP
2014-01-10SSLv3 openssl get shared ciphers overflow attempt
RuleID : 8439 - Revision : 16 - Type : IMAP
2014-01-10SSLv2 openssl get shared ciphers overflow attempt
RuleID : 8438 - Revision : 16 - Type : IMAP
2014-01-10SSLv2 openssl get shared ciphers overflow attempt
RuleID : 8437 - Revision : 15 - Type : SMTP
2014-01-10SSLv2 openssl get shared ciphers overflow attempt
RuleID : 8436 - Revision : 14 - Type : SMTP
2014-01-10SSLv3 openssl get shared ciphers overflow attempt
RuleID : 8435 - Revision : 16 - Type : SMTP
2014-01-10SSLv3 openssl get shared ciphers overflow attempt
RuleID : 8434 - Revision : 16 - Type : SMTP
2014-01-10SSLv2 openssl get shared ciphers overflow attempt
RuleID : 8433 - Revision : 15 - Type : SMTP
2014-01-10SSLv2 openssl get shared ciphers overflow attempt
RuleID : 8432 - Revision : 15 - Type : SMTP
2014-01-10SSLv2 openssl get shared ciphers overflow attempt
RuleID : 8431 - Revision : 14 - Type : POP3
2014-01-10SSLv3 openssl get shared ciphers overflow attempt
RuleID : 8430 - Revision : 15 - Type : POP3
2014-01-10SSLv2 openssl get shared ciphers overflow attempt
RuleID : 8429 - Revision : 14 - Type : POP3
2014-01-10SSLv2 openssl get shared ciphers overflow attempt
RuleID : 8428 - Revision : 17 - Type : SERVER-OTHER
2014-01-10SSLv2 openssl get shared ciphers overflow attempt
RuleID : 8427 - Revision : 18 - Type : MISC
2014-01-10SSLv3 openssl get shared ciphers overflow attempt
RuleID : 8426 - Revision : 16 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0813.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0964.nasl - Type : ACT_GATHER_INFO
2013-06-28Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-1003.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071012_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071022_openssl_on_SL3.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071115_openssl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-01-04Name : The remote server is affected by an unspecified buffer overflow vulnerability.
File : openssl_0_9_7m_0_9_8e.nasl - Type : ACT_GATHER_INFO
2010-01-06Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0964.nasl - Type : ACT_GATHER_INFO
2009-09-24Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_11843.nasl - Type : ACT_GATHER_INFO
2009-07-27Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2008-0001.nasl - Type : ACT_GATHER_INFO
2009-07-27Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2008-0013.nasl - Type : ACT_GATHER_INFO
2008-08-01Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-005.nasl - Type : ACT_GATHER_INFO
2008-05-11Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200805-07.nasl - Type : ACT_GATHER_INFO
2008-03-07Name : The remote SuSE system is missing the security patch compat-openssl097g-5054
File : suse_compat-openssl097g-5054.nasl - Type : ACT_GATHER_INFO
2008-03-07Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_compat-openssl097g-5055.nasl - Type : ACT_GATHER_INFO
2007-12-13Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_openssl-4477.nasl - Type : ACT_GATHER_INFO
2007-11-16Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-1003.nasl - Type : ACT_GATHER_INFO
2007-11-10Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-522-1.nasl - Type : ACT_GATHER_INFO
2007-11-10Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-353-1.nasl - Type : ACT_GATHER_INFO
2007-11-06Name : The remote Fedora host is missing a security update.
File : fedora_2007-2530.nasl - Type : ACT_GATHER_INFO
2007-10-25Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0813.nasl - Type : ACT_GATHER_INFO
2007-10-25Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0813.nasl - Type : ACT_GATHER_INFO
2007-10-17Name : The remote SuSE system is missing the security patch libopenssl-devel-4476
File : suse_libopenssl-devel-4476.nasl - Type : ACT_GATHER_INFO
2007-10-16Name : The remote Fedora Core host is missing a security update.
File : fedora_2007-725.nasl - Type : ACT_GATHER_INFO
2007-10-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0964.nasl - Type : ACT_GATHER_INFO
2007-10-09Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2007-193.nasl - Type : ACT_GATHER_INFO
2007-10-09Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200710-06.nasl - Type : ACT_GATHER_INFO
2007-10-03Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1379.nasl - Type : ACT_GATHER_INFO
2007-02-18Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-172.nasl - Type : ACT_GATHER_INFO
2007-02-18Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-177.nasl - Type : ACT_GATHER_INFO
2007-02-18Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-178.nasl - Type : ACT_GATHER_INFO
2004-07-12Name : The remote host is missing Sun Security Patch number 113713-30
File : solaris9_113713.nasl - Type : ACT_GATHER_INFO
2004-07-12Name : The remote host is missing Sun Security Patch number 114568-29
File : solaris9_x86_114568.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
APPLEhttp://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
BIDhttp://www.securityfocus.com/bid/25831
BUGTRAQhttp://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/481217/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/481488/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/481506/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/485936/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/486859/100/0/threaded
CONFIRMhttp://support.avaya.com/elmodocs2/security/ASA-2007-485.htm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241
http://www.openssl.org/news/secadv_20071012.txt
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
http://www.vmware.com/security/advisories/VMSA-2008-0013.html
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&I...
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&I...
https://issues.rpath.com/browse/RPL-1769
https://issues.rpath.com/browse/RPL-1770
DEBIANhttp://www.debian.org/security/2007/dsa-1379
FEDORAhttps://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218...
FREEBSDhttp://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc
GENTOOhttp://security.gentoo.org/glsa/glsa-200710-06.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
HPhttp://www.securityfocus.com/archive/1/archive/1/484353/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/484353/100/0/threaded
MANDRIVAhttp://www.mandriva.com/security/advisories?name=MDKSA-2007:193
MISChttps://bugs.gentoo.org/show_bug.cgi?id=194039
MLISThttp://lists.vmware.com/pipermail/security-announce/2008/000002.html
NETBSDftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
OPENBSDhttp://www.openbsd.org/errata40.html
http://www.openbsd.org/errata41.html
http://www.openbsd.org/errata42.html
REDHAThttp://www.redhat.com/support/errata/RHSA-2007-0813.html
http://www.redhat.com/support/errata/RHSA-2007-0964.html
http://www.redhat.com/support/errata/RHSA-2007-1003.html
SECTRACKhttp://www.securitytracker.com/id?1018755
SECUNIAhttp://secunia.com/advisories/22130
http://secunia.com/advisories/27012
http://secunia.com/advisories/27021
http://secunia.com/advisories/27031
http://secunia.com/advisories/27051
http://secunia.com/advisories/27078
http://secunia.com/advisories/27097
http://secunia.com/advisories/27186
http://secunia.com/advisories/27205
http://secunia.com/advisories/27217
http://secunia.com/advisories/27229
http://secunia.com/advisories/27330
http://secunia.com/advisories/27394
http://secunia.com/advisories/27851
http://secunia.com/advisories/27870
http://secunia.com/advisories/27961
http://secunia.com/advisories/28368
http://secunia.com/advisories/29242
http://secunia.com/advisories/30124
http://secunia.com/advisories/30161
http://secunia.com/advisories/31308
http://secunia.com/advisories/31326
http://secunia.com/advisories/31467
http://secunia.com/advisories/31489
SREASONhttp://securityreason.com/securityalert/3179
SUNALERThttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1
SUSEhttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
http://www.novell.com/linux/security/advisories/2007_20_sr.html
UBUNTUhttp://www.ubuntulinux.org/support/documentation/usn/usn-522-1
VUPENhttp://www.vupen.com/english/advisories/2007/3325
http://www.vupen.com/english/advisories/2007/3625
http://www.vupen.com/english/advisories/2007/4042
http://www.vupen.com/english/advisories/2007/4144
http://www.vupen.com/english/advisories/2008/0064
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2361
http://www.vupen.com/english/advisories/2008/2362
XFhttp://xforce.iss.net/xforce/xfdb/36837

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2014-02-17 10:41:54
  • Multiple Updates
2014-01-19 21:24:29
  • Multiple Updates
2013-05-11 10:37:45
  • Multiple Updates