Executive Summary
Summary | |
---|---|
Title | Updated openssl packages fix DTLS vulnerability |
Informations | |||
---|---|---|---|
Name | MDKSA-2007:237 | First vendor Publication | 2007-12-04 |
Vendor | Mandriva | Last vendor Modification | 2007-12-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A buffer overflow in the DTLS implementation of OpenSSL 0.9.8 could be exploited by attackers to potentially execute arbitrary code. It is questionable as to whether the DTLS support even worked or is used in any applications; as a result this flaw most likely does not affect most Mandriva users. The updated packages have been patched to correct these issue. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDKSA-2007:237 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10288 | |||
Oval ID: | oval:org.mitre.oval:def:10288 | ||
Title: | Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Description: | Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4995 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17495 | |||
Oval ID: | oval:org.mitre.oval:def:17495 | ||
Title: | USN-534-1 -- openssl vulnerability | ||
Description: | Andy Polyakov discovered that the DTLS implementation in OpenSSL was vulnerable. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-534-1 CVE-2007-4995 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 | Product(s): | openssl |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23963 | |||
Oval ID: | oval:org.mitre.oval:def:23963 | ||
Title: | Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors | ||
Description: | Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-4995 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | OpenSSL |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 6 |
OpenVAS Exploits
Date | Description |
---|---|
2009-05-05 | Name : HP-UX Update for OpenSSL HPSBUX02296 File : nvt/gb_hp_ux_HPSBUX02296.nasl |
2009-04-09 | Name : Mandriva Update for openssl MDKSA-2007:237 (openssl) File : nvt/gb_mandriva_MDKSA_2007_237.nasl |
2009-03-23 | Name : Ubuntu Update for openssl vulnerability USN-534-1 File : nvt/gb_ubuntu_USN_534_1.nasl |
2009-02-27 | Name : Fedora Update for openssl FEDORA-2007-2530 File : nvt/gb_fedora_2007_2530_openssl_fc7.nasl |
2009-02-27 | Name : Fedora Update for openssl FEDORA-2007-725 File : nvt/gb_fedora_2007_725_openssl_fc6.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-30 (openssl) File : nvt/glsa_200710_30.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-07 (ltsp) File : nvt/glsa_200805_07.nasl |
2008-05-27 | Name : Debian Security Advisory DSA 1571-1 (openssl) File : nvt/deb_1571_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37895 | OpenSSL DTLS Implementation Unspecified Off-by-one Remote Code Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0964.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071012_openssl_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-01-04 | Name : The remote server is affected by multiple vulnerabilities. File : openssl_0_9_8f.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0964.nasl - Type : ACT_GATHER_INFO |
2008-05-13 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1571.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_openssl-4559.nasl - Type : ACT_GATHER_INFO |
2007-12-07 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-237.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-534-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2530.nasl - Type : ACT_GATHER_INFO |
2007-10-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-30.nasl - Type : ACT_GATHER_INFO |
2007-10-24 | Name : The remote openSUSE host is missing a security update. File : suse_libopenssl-devel-4560.nasl - Type : ACT_GATHER_INFO |
2007-10-16 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-725.nasl - Type : ACT_GATHER_INFO |
2007-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0964.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:39:03 |
|