CVE-2007-5135

Common Vulnerabilities and Exposures

Upstream information

CVE-2007-5135 at MITRE

Description

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 329208, 331726, 363663

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SUSE CORE 9 for AMD64 and Intel EM64T
  • openssl >= 0.9.7d-15.48
  • openssl-devel >= 0.9.7d-15.48
  • openssl-doc >= 0.9.7d-15.48
Builds
YOU Patch Nr: 12759
SuSE Linux Desktop 1.0
  • openssl >= 0.9.6g-144
sles9-oes.x86
core9.s390
sles10.s390x
sles10.x86
slrs8.x86
ul1.s390
YOU Patch Nr: 11843
ZYPP Patch Nr: 4477
SUSE LINUX Retail Solution 8
SuSE Linux Enterprise Server 8 for AMD64
SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries
SuSE Linux Enterprise Server 8 for IPF
SuSE Linux Openexchange Server 4
SuSE Linux School Server for i386
SuSE Linux Standard Server 8
UnitedLinux 1.0
  • openssl >= 0.9.6g-144
  • openssl-devel >= 0.9.6g-144
sles9-oes.x86
core9.s390
sles10.s390x
sles10.x86
slrs8.x86
ul1.s390
YOU Patch Nr: 11843
ZYPP Patch Nr: 4477
SuSE Linux Enterprise Server 8 for IBM zSeries
  • openssl >= 0.9.6g-144
  • openssl-devel >= 0.9.6g-144
  • openssl-doc >= 0.9.6g-144
sles9-oes.x86
core9.s390
sles10.s390x
sles10.x86
slrs8.x86
ul1.s390
YOU Patch Nr: 11843
ZYPP Patch Nr: 4477
Novell Linux Desktop 9 for x86
Open Enterprise Server
  • openssl >= 0.9.7d-15.35
  • openssl-devel >= 0.9.7d-15.35
  • openssl-doc >= 0.9.7d-15.35
sles9-oes.x86
core9.s390
sles10.s390x
sles10.x86
slrs8.x86
ul1.s390
YOU Patch Nr: 11843
ZYPP Patch Nr: 4477
Novell Linux Desktop 9 for x86_64
  • openssl >= 0.9.7d-15.35
  • openssl-32bit >= 9-200710031457
  • openssl-devel >= 0.9.7d-15.35
  • openssl-devel-32bit >= 9-200710031457
  • openssl-doc >= 0.9.7d-15.35
sles9-oes.x86
core9.s390
sles10.s390x
sles10.x86
slrs8.x86
ul1.s390
YOU Patch Nr: 11843
ZYPP Patch Nr: 4477
SUSE LINUX 10.0
  • openssl >= 0.9.7g-2.15
  • openssl-32bit >= 0.9.7g-2.15
  • openssl-64bit >= 0.9.7g-2.15
  • openssl-devel >= 0.9.7g-2.15
  • openssl-devel-32bit >= 0.9.7g-2.15
  • openssl-devel-64bit >= 0.9.7g-2.15
  • openssl-doc >= 0.9.7g-2.15
SUSE LINUX 10.1
  • openssl >= 0.9.8a-18.18
  • openssl-32bit >= 0.9.8a-18.18
  • openssl-64bit >= 0.9.8a-18.18
  • openssl-devel >= 0.9.8a-18.18
  • openssl-devel-32bit >= 0.9.8a-18.18
  • openssl-devel-64bit >= 0.9.8a-18.18
  • openssl-doc >= 0.9.8a-18.18
SUSE LINUX 10.1
  • compat-openssl097g >= 0.9.7g-13.9
  • compat-openssl097g-32bit >= 0.9.7g-13.9
  • compat-openssl097g-64bit >= 0.9.7g-13.9

© 2014 Novell