Vulnerability Description
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
CVSS Score
6.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenSSL | OpenSSL | 0.9.7 |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
- http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- http://lists.vmware.com/pipermail/security-announce/2008/000002.html
- http://secunia.com/advisories/22130 (Vendor Advisory)
- http://secunia.com/advisories/27012 (Vendor Advisory)
- http://secunia.com/advisories/27021 (Vendor Advisory)
- http://secunia.com/advisories/27031 (Vendor Advisory)
- http://secunia.com/advisories/27051 (Vendor Advisory)
- http://secunia.com/advisories/27078 (Vendor Advisory)
- http://secunia.com/advisories/27097 (Vendor Advisory)
- http://secunia.com/advisories/27186 (Vendor Advisory)
- http://secunia.com/advisories/27205 (Vendor Advisory)
- http://secunia.com/advisories/27217 (Vendor Advisory)
- http://secunia.com/advisories/27229 (Vendor Advisory)
FAQ
What is CVE-2007-5135?
CVE-2007-5135 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers...
How severe is CVE-2007-5135?
CVE-2007-5135 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5135?
Check the references section above for vendor advisories and patch information. Affected products include: OpenSSL.