CVE-2007-5135

openssl: SSL_get_shared_ciphers() off-by-one

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

Un error por un paso en la función SSL_get_shared_ciphers en OpenSSL versiones 0.9.7 hasta 0.9.7l, y versiones 0.9.8 hasta 0.9.8f, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un paquete diseñado que desencadena un subdesbordamiento de búfer de un byte. NOTA: este problema fue introducido como resultado de una corrección para CVE-2006-3738. A partir de 20071012, se desconoce si es posible la ejecución de código.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-09-27 CVE Reserved
2007-09-27 CVE Published
2024-08-07 CVE Updated
2024-09-07 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors
CWE-193: Off-by-one Error

CAPEC

References (77)

URL	Tag	Source
http://lists.vmware.com/pipermail/security-announce/2008/000002.html	Mailing List
http://secunia.com/advisories/29242	Third Party Advisory
http://secunia.com/advisories/30124	Third Party Advisory
http://secunia.com/advisories/30161	Third Party Advisory
http://secunia.com/advisories/31308	Third Party Advisory
http://secunia.com/advisories/31326	Third Party Advisory
http://secunia.com/advisories/31467	Third Party Advisory
http://secunia.com/advisories/31489	Third Party Advisory
http://securityreason.com/securityalert/3179	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm	X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241	X_refsource_confirm
http://www.openssl.org/news/secadv_20071012.txt	X_refsource_confirm
http://www.securityfocus.com/archive/1/480855/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/481217/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/481488/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/481506/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/485936/100/0/threaded	Mailing List
http://www.securityfocus.com/archive/1/486859/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/25831	Vdb Entry
http://www.securitytracker.com/id?1018755	Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2008-0001.html	X_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2008-0013.html	X_refsource_confirm
http://www.vupen.com/english/advisories/2007/3325	Vdb Entry
http://www.vupen.com/english/advisories/2007/3625	Vdb Entry
http://www.vupen.com/english/advisories/2007/4042	Vdb Entry
http://www.vupen.com/english/advisories/2007/4144	Vdb Entry
http://www.vupen.com/english/advisories/2008/0064	Vdb Entry
http://www.vupen.com/english/advisories/2008/2268	Vdb Entry
http://www.vupen.com/english/advisories/2008/2361	Vdb Entry
http://www.vupen.com/english/advisories/2008/2362	Vdb Entry
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037	X_refsource_confirm
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038	X_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=194039	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/36837	Vdb Entry
https://issues.rpath.com/browse/RPL-1769	X_refsource_confirm
https://issues.rpath.com/browse/RPL-1770	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc	2018-10-15
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html	2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html	2018-10-15
http://secunia.com/advisories/22130	2018-10-15
http://secunia.com/advisories/27012	2018-10-15
http://secunia.com/advisories/27021	2018-10-15
http://secunia.com/advisories/27031	2018-10-15
http://secunia.com/advisories/27051	2018-10-15
http://secunia.com/advisories/27078	2018-10-15
http://secunia.com/advisories/27097	2018-10-15
http://secunia.com/advisories/27186	2018-10-15
http://secunia.com/advisories/27205	2018-10-15
http://secunia.com/advisories/27217	2018-10-15
http://secunia.com/advisories/27229	2018-10-15
http://secunia.com/advisories/27330	2018-10-15
http://secunia.com/advisories/27394	2018-10-15
http://secunia.com/advisories/27851	2018-10-15
http://secunia.com/advisories/27870	2018-10-15
http://secunia.com/advisories/27961	2018-10-15
http://secunia.com/advisories/28368	2018-10-15
http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc	2018-10-15
http://security.gentoo.org/glsa/glsa-200710-06.xml	2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1	2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1	2018-10-15
http://www.debian.org/security/2007/dsa-1379	2018-10-15
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml	2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:193	2018-10-15
http://www.novell.com/linux/security/advisories/2007_20_sr.html	2018-10-15
http://www.openbsd.org/errata40.html	2018-10-15
http://www.openbsd.org/errata41.html	2018-10-15
http://www.openbsd.org/errata42.html	2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0813.html	2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0964.html	2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-1003.html	2018-10-15
http://www.securityfocus.com/archive/1/484353/100/0/threaded	2018-10-15
https://usn.ubuntu.com/522-1	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html	2018-10-15
https://access.redhat.com/security/cve/CVE-2007-5135	2007-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=309801	2007-11-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7"		beta1		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7"		beta2		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7"		beta3		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7"		beta4		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7"		beta5		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7 Search vendor "Openssl" for product "Openssl" and version "0.9.7"		beta6		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7a Search vendor "Openssl" for product "Openssl" and version "0.9.7a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7b Search vendor "Openssl" for product "Openssl" and version "0.9.7b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7c Search vendor "Openssl" for product "Openssl" and version "0.9.7c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7d Search vendor "Openssl" for product "Openssl" and version "0.9.7d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7e Search vendor "Openssl" for product "Openssl" and version "0.9.7e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7f Search vendor "Openssl" for product "Openssl" and version "0.9.7f"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7g Search vendor "Openssl" for product "Openssl" and version "0.9.7g"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7h Search vendor "Openssl" for product "Openssl" and version "0.9.7h"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7i Search vendor "Openssl" for product "Openssl" and version "0.9.7i"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7j Search vendor "Openssl" for product "Openssl" and version "0.9.7j"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7k Search vendor "Openssl" for product "Openssl" and version "0.9.7k"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.7l Search vendor "Openssl" for product "Openssl" and version "0.9.7l"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8 Search vendor "Openssl" for product "Openssl" and version "0.9.8"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8a Search vendor "Openssl" for product "Openssl" and version "0.9.8a"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8b Search vendor "Openssl" for product "Openssl" and version "0.9.8b"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8c Search vendor "Openssl" for product "Openssl" and version "0.9.8c"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8d Search vendor "Openssl" for product "Openssl" and version "0.9.8d"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8e Search vendor "Openssl" for product "Openssl" and version "0.9.8e"		-		Affected
Openssl Search vendor "Openssl"		Openssl Search vendor "Openssl" for product "Openssl"				0.9.8f Search vendor "Openssl" for product "Openssl" and version "0.9.8f"		-		Affected