CVE-2007-5135

Priority
Medium
Description
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up
to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute
arbitrary code via a crafted packet that triggers a one-byte buffer
underflow. NOTE: this issue was introduced as a result of a fix for
CVE-2006-3738. As of 20071012, it is unknown whether code execution is
possible.
Ubuntu-Description
Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function
did not correctly check the size of the buffer it was writing to.
A remote attacker could exploit this to write one NULL byte past the end of
an application's cipher list buffer, possibly leading to arbitrary code
execution or a denial of service.
References
Assigned-to
kees
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Package
Upstream:released (0.9.8f)
Ubuntu 8.04 LTS (Hardy Heron):released (0.9.8e-5ubuntu2)
Ubuntu 10.04 LTS (Lucid Lynx):released (0.9.8e-5ubuntu2)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:18:14 UTC (commit 5347)