Your submission was sent successfully! Close

CVE-2007-5135

Published: 27 September 2007

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

From the Ubuntu security team

Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service.

Priority

Medium

Status

Package Release Status
openssl
Launchpad, Ubuntu, Debian
dapper
Released (0.9.8a-7ubuntu0.4)
edgy
Released (0.9.8b-2ubuntu2.1)
feisty
Released (0.9.8c-4ubuntu0.1)
gutsy
Released (0.9.8e-5ubuntu2)
hardy
Released (0.9.8e-5ubuntu2)
intrepid
Released (0.9.8e-5ubuntu2)
jaunty
Released (0.9.8e-5ubuntu2)
karmic
Released (0.9.8e-5ubuntu2)
upstream
Released (0.9.8f)
openssl097
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
edgy Needed
(reached end-of-life)
feisty Needed
(reached end-of-life)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage