CVE-2007-5135

Common Vulnerabilities and Exposures

Upstream information

CVE-2007-5135 at MITRE

Description

Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.

NVD CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entries: 329208, 331726, 363663

SUSE Security Advisories:

SUSE-SR:2007:020, published Fri, 12 Oct 2007 17:00:00 +0000
SUSE-SR:2008:005, published Thu, 06 Mar 2008 13:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE CORE 9 for AMD64 and Intel EM64T	`openssl >= 0.9.7d-15.48` `openssl-devel >= 0.9.7d-15.48` `openssl-doc >= 0.9.7d-15.48`	Builds YOU Patch Nr: 12759
SuSE Linux Desktop 1.0	`openssl >= 0.9.6g-144`	sles9-oes.x86 core9.s390 sles10.s390x sles10.x86 slrs8.x86 ul1.s390 YOU Patch Nr: 11843 ZYPP Patch Nr: 4477
SuSE Linux Enterprise Server 8 for IBM zSeries	`openssl >= 0.9.6g-144` `openssl-devel >= 0.9.6g-144` `openssl-doc >= 0.9.6g-144`	sles9-oes.x86 core9.s390 sles10.s390x sles10.x86 slrs8.x86 ul1.s390 YOU Patch Nr: 11843 ZYPP Patch Nr: 4477
Novell Linux Desktop 9 for x86_64	`openssl >= 0.9.7d-15.35` `openssl-32bit >= 9-200710031457` `openssl-devel >= 0.9.7d-15.35` `openssl-devel-32bit >= 9-200710031457` `openssl-doc >= 0.9.7d-15.35`	sles9-oes.x86 core9.s390 sles10.s390x sles10.x86 slrs8.x86 ul1.s390 YOU Patch Nr: 11843 ZYPP Patch Nr: 4477
Novell Linux Desktop 9 for x86 Open Enterprise Server	`openssl >= 0.9.7d-15.35` `openssl-devel >= 0.9.7d-15.35` `openssl-doc >= 0.9.7d-15.35`	sles9-oes.x86 core9.s390 sles10.s390x sles10.x86 slrs8.x86 ul1.s390 YOU Patch Nr: 11843 ZYPP Patch Nr: 4477
SUSE LINUX Retail Solution 8 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`openssl >= 0.9.6g-144` `openssl-devel >= 0.9.6g-144`	sles9-oes.x86 core9.s390 sles10.s390x sles10.x86 slrs8.x86 ul1.s390 YOU Patch Nr: 11843 ZYPP Patch Nr: 4477
SUSE LINUX 10.0	`openssl >= 0.9.7g-2.15` `openssl-32bit >= 0.9.7g-2.15` `openssl-64bit >= 0.9.7g-2.15` `openssl-devel >= 0.9.7g-2.15` `openssl-devel-32bit >= 0.9.7g-2.15` `openssl-devel-64bit >= 0.9.7g-2.15` `openssl-doc >= 0.9.7g-2.15`
SUSE LINUX 10.1	`openssl >= 0.9.8a-18.18` `openssl-32bit >= 0.9.8a-18.18` `openssl-64bit >= 0.9.8a-18.18` `openssl-devel >= 0.9.8a-18.18` `openssl-devel-32bit >= 0.9.8a-18.18` `openssl-devel-64bit >= 0.9.8a-18.18` `openssl-doc >= 0.9.8a-18.18`
SUSE LINUX 10.1	`compat-openssl097g >= 0.9.7g-13.9` `compat-openssl097g-32bit >= 0.9.7g-13.9` `compat-openssl097g-64bit >= 0.9.7g-13.9`

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy