CVE-2007-5135

openssl: SSL_get_shared_ciphers() off-by-one

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-09-27 CVE Reserved
  • 2007-09-27 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-09-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-189: Numeric Errors
  • CWE-193: Off-by-one Error
CAPEC
References (77)
URL Tag Source
http://lists.vmware.com/pipermail/security-announce/2008/000002.html Mailing List
http://secunia.com/advisories/29242 Third Party Advisory
http://secunia.com/advisories/30124 Third Party Advisory
http://secunia.com/advisories/30161 Third Party Advisory
http://secunia.com/advisories/31308 Third Party Advisory
http://secunia.com/advisories/31326 Third Party Advisory
http://secunia.com/advisories/31467 Third Party Advisory
http://secunia.com/advisories/31489 Third Party Advisory
http://securityreason.com/securityalert/3179 Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm X_refsource_confirm
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241 X_refsource_confirm
http://www.openssl.org/news/secadv_20071012.txt X_refsource_confirm
http://www.securityfocus.com/archive/1/480855/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/481217/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/481488/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/481506/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/485936/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/486859/100/0/threaded Mailing List
http://www.securityfocus.com/bid/25831 Vdb Entry
http://www.securitytracker.com/id?1018755 Vdb Entry
http://www.vmware.com/security/advisories/VMSA-2008-0001.html X_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2008-0013.html X_refsource_confirm
http://www.vupen.com/english/advisories/2007/3325 Vdb Entry
http://www.vupen.com/english/advisories/2007/3625 Vdb Entry
http://www.vupen.com/english/advisories/2007/4042 Vdb Entry
http://www.vupen.com/english/advisories/2007/4144 Vdb Entry
http://www.vupen.com/english/advisories/2008/0064 Vdb Entry
http://www.vupen.com/english/advisories/2008/2268 Vdb Entry
http://www.vupen.com/english/advisories/2008/2361 Vdb Entry
http://www.vupen.com/english/advisories/2008/2362 Vdb Entry
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037 X_refsource_confirm
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038 X_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=194039 X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/36837 Vdb Entry
https://issues.rpath.com/browse/RPL-1769 X_refsource_confirm
https://issues.rpath.com/browse/RPL-1770 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904 Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337 Signature
URL Date SRC
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc 2018-10-15
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html 2018-10-15
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html 2018-10-15
http://secunia.com/advisories/22130 2018-10-15
http://secunia.com/advisories/27012 2018-10-15
http://secunia.com/advisories/27021 2018-10-15
http://secunia.com/advisories/27031 2018-10-15
http://secunia.com/advisories/27051 2018-10-15
http://secunia.com/advisories/27078 2018-10-15
http://secunia.com/advisories/27097 2018-10-15
http://secunia.com/advisories/27186 2018-10-15
http://secunia.com/advisories/27205 2018-10-15
http://secunia.com/advisories/27217 2018-10-15
http://secunia.com/advisories/27229 2018-10-15
http://secunia.com/advisories/27330 2018-10-15
http://secunia.com/advisories/27394 2018-10-15
http://secunia.com/advisories/27851 2018-10-15
http://secunia.com/advisories/27870 2018-10-15
http://secunia.com/advisories/27961 2018-10-15
http://secunia.com/advisories/28368 2018-10-15
http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc 2018-10-15
http://security.gentoo.org/glsa/glsa-200710-06.xml 2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1 2018-10-15
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1 2018-10-15
http://www.debian.org/security/2007/dsa-1379 2018-10-15
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml 2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:193 2018-10-15
http://www.novell.com/linux/security/advisories/2007_20_sr.html 2018-10-15
http://www.openbsd.org/errata40.html 2018-10-15
http://www.openbsd.org/errata41.html 2018-10-15
http://www.openbsd.org/errata42.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0813.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0964.html 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-1003.html 2018-10-15
http://www.securityfocus.com/archive/1/484353/100/0/threaded 2018-10-15
https://usn.ubuntu.com/522-1 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html 2018-10-15
https://access.redhat.com/security/cve/CVE-2007-5135 2007-11-15
https://bugzilla.redhat.com/show_bug.cgi?id=309801 2007-11-15
Affected Vendors, Products, and Versions
Vendor   Product  Version  Other  Status
Openssl  Openssl  0.9.7    -      Affected
Openssl  Openssl  0.9.7    beta1  Affected
Openssl  Openssl  0.9.7    beta2  Affected
Openssl  Openssl  0.9.7    beta3  Affected
Openssl  Openssl  0.9.7    beta4  Affected
Openssl  Openssl  0.9.7    beta5  Affected
Openssl  Openssl  0.9.7    beta6  Affected
Openssl  Openssl  0.9.7a   -      Affected
Openssl  Openssl  0.9.7b   -      Affected
Openssl  Openssl  0.9.7c   -      Affected
Openssl  Openssl  0.9.7d   -      Affected
Openssl  Openssl  0.9.7e   -      Affected
Openssl  Openssl  0.9.7f   -      Affected
Openssl  Openssl  0.9.7g   -      Affected
Openssl  Openssl  0.9.7h   -      Affected
Openssl  Openssl  0.9.7i   -      Affected
Openssl  Openssl  0.9.7j   -      Affected
Openssl  Openssl  0.9.7k   -      Affected
Openssl  Openssl  0.9.7l   -      Affected
Openssl  Openssl  0.9.8    -      Affected
Openssl  Openssl  0.9.8a   -      Affected
Openssl  Openssl  0.9.8b   -      Affected
Openssl  Openssl  0.9.8c   -      Affected
Openssl  Openssl  0.9.8d   -      Affected
Openssl  Openssl  0.9.8e   -      Affected
Openssl  Openssl  0.9.8f   -      Affected