CVE-2007-5135 - CVE Reference - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

CVE Reference: CVE-2007-5135

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5135

Description: Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36837 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-522-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://www.novell.com/linux/security/advisories/2007_20_sr.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1 ST 1018755 SREASON http://securityreason.com/securityalert/3179 SAID Secunia Advisory: SA30161 Secunia Advisory: SA30124 Secunia Advisory: SA29242 Secunia Advisory: SA28368 Secunia Advisory: SA27961 Secunia Advisory: SA27851 Secunia Advisory: SA27870 Secunia Advisory: SA27031 Secunia Advisory: SA27229 Secunia Advisory: SA27394 Secunia Advisory: SA27330 Secunia Advisory: SA27217 Secunia Advisory: SA27205 Secunia Advisory: SA27186 Secunia Advisory: SA27078 Secunia Advisory: SA27097 Secunia Advisory: SA22130 Secunia Advisory: SA27012 Secunia Advisory: SA27051 Secunia Advisory: SA27021 REDHAT http://www.redhat.com/support/errata/RHSA-2007-1003.html http://www.redhat.com/support/errata/RHSA-2007-0813.html http://www.redhat.com/support/errata/RHSA-2007-0964.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5337 OPENBSD http://www.openbsd.org/errata41.html http://www.openbsd.org/errata42.html http://www.openbsd.org/errata40.html NETBSD MLIST http://lists.vmware.com/pipermail/security-announce/2008/000002.html MISC MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:193 HP http://www.securityfocus.com/archive/1/archive/1/484353/100/0/threaded GENTOO http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml http://security.gentoo.org/glsa/glsa-200710-06.xml FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc FEDORA DEBIAN http://www.debian.org/security/2007/dsa-1379 CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0001.html http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038 http://www.openssl.org/news/secadv_20071012.txt BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/485936/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/486859/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/481217/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/481488/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/481506/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded BID 25831

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Linux Kernel LDT Buffer Size Handling Vulnerability

2.	OpenBSD BIND Query Port DNS Cache Poisoning

3.	Drupal Session Fixation Vulnerability

4.	Red Hat update for thunderbird

5.	Apple Safari Cross-Domain Cookie Injection Vulnerability

6.	Red Hat update for kernel

7.	Slackware update for dnsmasq

8.	IPCop update for perl

9.	Ubuntu update for php

10.	dnsmasq Denial of Service and DNS Cache Poisoning