[Pkg-openssl-devel] Bug#444435: Bug#444435: openssl: [CVE-2007-5135] Off-by-one error in the SSL_get_shared_ciphers()

Kurt Roeckx kurt at roeckx.be
Fri Sep 28 17:16:15 UTC 2007


tags 444435 - sarge etch
clone 444435 -1 
reassign -1 openssl097 0.9.7k-3.1
thanks

On Fri, Sep 28, 2007 at 04:16:02PM +0200, Axel Beckert wrote:
> Package: openssl
> Version: 0.9.8c-4, 0.9.7e-3sarge4
> Severity: critical
> Tags: sarge, etch, security

Since this applies to sid (and oldstable) too, those tags are
just wrong.

So we have those versions:
openssl:
   Oldstable    0.9.7e-3sarge4
   Stable       0.9.8c-4
   Testing      0.9.8e-6
   Unstable     0.9.8e-8

openssl097:
   Stable       0.9.7k-3.1
   Testing      0.9.7k-3.1

openssl096:
   Oldstable    0.9.6m-1sarge4
All those versions are probably vulnerable.

I'm not sure if the security team wants to have a DSA covering
oldstable's versions.

> According to http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5135
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 is not
> yet available):

The patch for it seems to be at:
http://cvs.openssl.org/chngview?cn=16587

I've also attached it.



Kurt

> Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL
> 0.9.7l and 0.9.8d might allow remote attackers to execute arbitrary
> code via a crafted packet that triggers a one-byte buffer underflow.
> 
> According to the German IT news magazine "Heise Online", 0.9.7m and
> 0.9.8e are also affected:
> http://www.heise.de/security/news/meldung/96710
> 
> Original source seems to be this Bugtraq posting:
> http://www.securityfocus.com/archive/1/archive/1/480855/100/0/threaded
> 
> According to this posting, all lower versions are affected, too.
> 
> The release dates of 0.9.8e and 0.9.7m and the time line in the above
> mentioned Bugtraq posting suggest that not only 0.9.7l and 0.9.8d but
> also 0.9.7m and 0.9.8e are affected -- as Heise wrote.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2007-5135.diff
Type: text/x-diff
Size: 1047 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20070928/eafca0f8/attachment.diff 

