CVE-2007-5536
https://notcve.org/view.php?id=CVE-2007-5536
Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to cause a denial of service via unspecified vectors. Vulnerabilidad sin especificar en el OpenSSL anterior al A.00.09.07l en el HP-UX B.11.11, B.11.23 y B.11.31 permite a usuarios locales provocar una denegación de servicio a través de vectores sin especificar. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01203958 http://osvdb.org/37894 http://secunia.com/advisories/27265 http://www.securityfocus.com/bid/26093 http://www.vupen.com/english/advisories/2007/3526 https://exchange.xforce.ibmcloud.com/vulnerabilities/37231 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5871 •
CVE-2007-4995 – openssl dtls out of order vulnerabilitiy
https://notcve.org/view.php?id=CVE-2007-4995
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors. Un error por un paso en la implementación de DTLS en OpenSSL versiones 0.9.8 anteriores a 0.9.8f, permite a atacantes remotos ejecutar código arbitrario por medio de vectores no especificados. • http://bugs.gentoo.org/show_bug.cgi?id=195634 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01299773 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://secunia.com/advisories/25878 http://secunia.com/advisories/27205 http://secunia.com/advisories/27217 http://secunia.com/advisories/27271 http://secunia.com/advisories/27363 http://secunia.com/advisories/27434 http://secunia.com/advisories/27933 http://secunia.com/advisories/280 • CWE-189: Numeric Errors •
CVE-2007-5135 – openssl: SSL_get_shared_ciphers() off-by-one
https://notcve.org/view.php?id=CVE-2007-5135
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible. Un error por un paso en la función SSL_get_shared_ciphers en OpenSSL versiones 0.9.7 hasta 0.9.7l, y versiones 0.9.8 hasta 0.9.8f, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un paquete diseñado que desencadena un subdesbordamiento de búfer de un byte. NOTA: este problema fue introducido como resultado de una corrección para CVE-2006-3738. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://secunia.com/advisories/22130 http://secunia.com/advisories/27012 http://secunia.com/advisories/27021 http://secunia.com/advisories/27031 http://secunia.com/advisories/27051 http://s • CWE-189: Numeric Errors CWE-193: Off-by-one Error •
CVE-2007-3108 – openssl: RSA side-channel attack
https://notcve.org/view.php?id=CVE-2007-3108
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys. La función BN_from_montgomery en el crypto/bn/bn_mont.c del OpenSSL 0.9.8e y anteriores, no interpreta adecuadamente la multiplicación Montgomery, lo que permite a usuarios locales llevar a cabo ataques por canal colateral (side-channel) y recuperar claves privadas RSA. • http://cvs.openssl.org/chngview?cn=16275 http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://openssl.org/news/patch-CVE-2007-3108.txt http://secunia.com/advisories/26411 http://secunia.com/advisories/26893 http://secunia.com/advisories/27021 http://secunia.com/advisories/27078 http://secunia.com/advisories/27097 http://secunia.com/advisories/27205 http://secunia.com/advisories/27330 http://secunia.com/advisories/27770 http://secunia.com/advisories/ •
CVE-2006-2937 – openssl ASN.1 DoS
https://notcve.org/view.php?id=CVE-2006-2937
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. OpenSSL 0.9.7 en versiones anteriores a 0.9.7l y 0.9.8 en versiones anteriores a 0.9.8d permite a atacantes remotos provocar una denegación de servicio (bucle infinito y consumo de memoria) a través de estructuras ASN.1 mal formadas que desencadenan una condición de error manejada incorrectamente. • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://docs.info.apple.com/article.html?artnum=304829 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://issues.rpath.com/browse/RPL-613 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 http://kolab.org/security/kolab-vendor • CWE-399: Resource Management Errors •