Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2007-5135

Publication date 27 September 2007

Last updated 24 July 2024


Ubuntu priority

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

From the Ubuntu Security Team

Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service.

Status

Package Ubuntu Release Status
openssl 9.10 karmic
Fixed 0.9.8e-5ubuntu2
9.04 jaunty
Fixed 0.9.8e-5ubuntu2
8.10 intrepid
Fixed 0.9.8e-5ubuntu2
8.04 LTS hardy
Fixed 0.9.8e-5ubuntu2
7.10 gutsy
Fixed 0.9.8e-5ubuntu2
7.04 feisty
Fixed 0.9.8c-4ubuntu0.1
6.10 edgy
Fixed 0.9.8b-2ubuntu2.1
6.06 LTS dapper
Fixed 0.9.8a-7ubuntu0.4
openssl097 9.10 karmic Not in release
9.04 jaunty Not in release
8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
7.04 feisty Ignored end of life, was needed
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life

References

Related Ubuntu Security Notices (USN)

    • USN-522-1
    • openssl vulnerabilities
    • 28 September 2007

Other references