exploit the possibilities
Showing 1 - 13 of 13 RSS Feed

CVE-2007-5135

Status Candidate

Overview

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Related Files

Gentoo Linux Security Advisory 201412-11
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-11 - Multiple vulnerabilities have been found in AMD64 x86 emulation base libraries, the worst of which may allow remote execution of arbitrary code. Versions prior to 20140406-r1 are affected.

tags | advisory, remote, arbitrary, x86, vulnerability
systems | linux, gentoo
advisories | CVE-2007-0720, CVE-2007-1536, CVE-2007-2026, CVE-2007-2445, CVE-2007-2741, CVE-2007-3108, CVE-2007-4995, CVE-2007-5116, CVE-2007-5135, CVE-2007-5266, CVE-2007-5268, CVE-2007-5269, CVE-2007-5849, CVE-2010-1205, CVE-2013-0338, CVE-2013-0339, CVE-2013-1664, CVE-2013-1969, CVE-2013-2877, CVE-2014-0160
MD5 | 79d42811d0d77f411edfda4a318d5bb6
VMware Security Advisory 2008-0013
Posted Aug 13, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Updated ESX packages for OpenSSL, net-snmp, and perl have been released to address multiple vulnerabilities.

tags | advisory, perl, vulnerability
advisories | CVE-2007-3108, CVE-2007-5135, CVE-2008-2292, CVE-2008-0960, CVE-2008-1927
MD5 | d38f71917dd517b27516976c1fcfb193
VMware Security Advisory 2008-0001.1
Posted Jan 24, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - There is an OpenPegasus PAM authentication buffer overflow and updated service console packages are available.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
MD5 | 32513e301c91fd38b9f8ec6889e3cd68
VMware Security Advisory 2008-0001
Posted Jan 8, 2008
Authored by VMware | Site vmware.com

VMware Security Advisory - Alexander Sotirov from VMware Security Research discovered a buffer overflow vulnerability in the OpenPegasus Management server. Additionally, various service console packages have been updated.

tags | advisory, overflow
advisories | CVE-2007-5360, CVE-2007-5398, CVE-2007-4572, CVE-2007-5191, CVE-2007-5116, CVE-2007-3108, CVE-2007-5135
MD5 | 1df09e78239ba4cc4fd6cebba03a8ad0
HP Security Bulletin 2007-14.99
Posted Nov 30, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified with HP-UX Apache. The vulnerability could be exploited remotely to execute arbitrary code.

tags | advisory, arbitrary
systems | hpux
advisories | CVE-2007-5135
MD5 | 01a4cbc604d81903355a69b1541136cc
openssl-0.9.8f.tar.gz
Posted Oct 13, 2007
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Multiple security fixes.
tags | encryption, protocol
advisories | CVE-2007-4995, CVE-2007-5135
MD5 | 114bf908eb1b293d11d3e6b18a09269f
OpenSSL-12-Oct-2007.txt
Posted Oct 13, 2007
Authored by Ben Laurie | Site openssl.org

OpenSSL Security Advisory - Andy Polyakov discovered a flaw in OpenSSL's DTLS implementation which could lead to the compromise of clients and servers with DTLS enabled. All versions of 0.9.8 prior to 0.9.8f are affected. Moritz Jodeit found an off-by-one error in SSL_get_shared_ciphers(), a function that should normally only be used for logging or debugging. All releases of 0.9.8 prior to 0.9.8f and all releases of 0.9.7 prior to 0.9.7m are affected.

tags | advisory
advisories | CVE-2007-4995, CVE-2007-5135
MD5 | 930dc9a42ecda065f6b34cdb7909144f
Debian Linux Security Advisory 1379-2
Posted Oct 11, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1379-2 - An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application. This update to DSA 1379 announces the availability of the libssl0.9.6 and libssl0.9.7 compatibility libraries for sarge (oldstable) and etch (stable), respectively.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2007-5135
MD5 | 628f0f87d55a87adecd6ac70dc98e253
Gentoo Linux Security Advisory 200710-6
Posted Oct 9, 2007
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200710-06 - Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. Versions less than 0.9.8e-r3 are affected.

tags | advisory, crypto
systems | linux, gentoo
advisories | CVE-2006-3738, CVE-2007-3108, CVE-2007-5135
MD5 | fbb80f53be6d2a67bf086e6f20059611
Mandriva Linux Security Advisory 2007.193
Posted Oct 5, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A flaw in how OpenSSL performed Montgomery multiplications was discovered %that could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit found that OpenSSL's SSL_get_shared_ciphers() function did not correctly check the size of the buffer it was writing to. As a result, a remote attacker could exploit this to write one NULL byte past the end of the application's cipher list buffer, which could possibly lead to a denial of service or the execution of arbitrary code.

tags | advisory, remote, denial of service, arbitrary, local
systems | linux, mandriva
advisories | CVE-2007-3108, CVE-2007-5135
MD5 | d2934c153f0679b7321b754ee6c07501
FreeBSD-SA-07-08.openssl.txt
Posted Oct 5, 2007
Site security.freebsd.org

FreeBSD Security Advisory - A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found to be incorrectly fixed.

tags | advisory, overflow
systems | freebsd
advisories | CVE-2007-3738, CVE-2007-5135
MD5 | 9f740bbff007eaefd679f8275d6df98e
Debian Linux Security Advisory 1379-1
Posted Oct 3, 2007
Authored by Debian | Site debian.org

Debian Security Advisory 1379-1 - An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL, an implementation of Secure Socket Layer cryptographic libraries and utilities. This error could allow an attacker to crash an application making use of OpenSSL's libssl library, or potentially execute arbitrary code in the security context of the user running such an application.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2007-5135
MD5 | 3f5aa96b7fa0f56cd5a7c9bd5759073e
Ubuntu Security Notice 522-1
Posted Sep 30, 2007
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 522-1 - It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service.

tags | advisory, remote, denial of service, arbitrary, local, code execution
systems | linux, ubuntu
advisories | CVE-2007-3108, CVE-2007-5135
MD5 | 81a8377a3cae000f1224491d8f4272e7
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    19 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close