CVE-2007-5135
Published: 27 September 2007
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
From the Ubuntu Security Team
Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
openssl Launchpad, Ubuntu, Debian |
dapper |
Released
(0.9.8a-7ubuntu0.4)
|
| edgy |
Released
(0.9.8b-2ubuntu2.1)
|
|
| feisty |
Released
(0.9.8c-4ubuntu0.1)
|
|
| gutsy |
Released
(0.9.8e-5ubuntu2)
|
|
| hardy |
Released
(0.9.8e-5ubuntu2)
|
|
| intrepid |
Released
(0.9.8e-5ubuntu2)
|
|
| jaunty |
Released
(0.9.8e-5ubuntu2)
|
|
| karmic |
Released
(0.9.8e-5ubuntu2)
|
|
| upstream |
Released
(0.9.8f)
|
|
|
openssl097 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| edgy |
Ignored
(end of life, was needed)
|
|
| feisty |
Ignored
(end of life, was needed)
|
|
| gutsy |
Does not exist
|
|
| hardy |
Does not exist
|
|
| intrepid |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| upstream |
Needs triage
|