Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58639
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1379-1 (openssl)
Summary:NOSUMMARY
Description:Description:
The remote host is missing an update to openssl
announced via advisory DSA 1379-1.

An off-by-one error has been identified in the SSL_get_shared_ciphers()
routine in the libssl library from OpenSSL, an implementation of Secure
Socket Layer cryptographic libraries and utilities. This error could
allow an attacker to crash an application making use of OpenSSL's libssl
library, or potentially execute arbitrary code in the security context
of the user running such an application.

For the stable distribution (etch), this problem has been fixed in
version 0.9.8c-4etch1. For the old stable distribution (sarge), this
problem has been fixed in version 0.9.7e-3sarge5. For the unstable and
testing distributions (sid and lenny, respectively), this problem has
been fixed in version 0.9.8e-9.

We recommend that you upgrade your openssl packages.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201379-1

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-5135
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html
BugTraq ID: 25831
http://www.securityfocus.com/bid/25831
Bugtraq: 20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/480855/100/0/threaded
Bugtraq: 20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow (Google Search)
http://www.securityfocus.com/archive/1/481217/100/0/threaded
Bugtraq: 20071003 FLEA-2007-0058-1 openssl openssl-scripts (Google Search)
http://www.securityfocus.com/archive/1/481488/100/0/threaded
http://www.securityfocus.com/archive/1/481506/100/0/threaded
Bugtraq: 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (Google Search)
http://www.securityfocus.com/archive/1/485936/100/0/threaded
Bugtraq: 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages (Google Search)
http://www.securityfocus.com/archive/1/486859/100/0/threaded
Debian Security Information: DSA-1379 (Google Search)
http://www.debian.org/security/2007/dsa-1379
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00218.html
FreeBSD Security Advisory: FreeBSD-SA-07:08
http://security.freebsd.org/advisories/FreeBSD-SA-07:08.openssl.asc
http://security.gentoo.org/glsa/glsa-200710-06.xml
http://www.gentoo.org/security/en/glsa/glsa-200805-07.xml
HPdes Security Advisory: HPSBUX02292
http://www.securityfocus.com/archive/1/484353/100/0/threaded
HPdes Security Advisory: SSRT071499
http://www.mandriva.com/security/advisories?name=MDKSA-2007:193
https://bugs.gentoo.org/show_bug.cgi?id=194039
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
NETBSD Security Advisory: NetBSD-SA2008-007
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-007.txt.asc
OpenBSD Security Advisory: [4.0] 017: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata40.html
OpenBSD Security Advisory: [4.1] 011: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata41.html
OpenBSD Security Advisory: [4.2] 002: SECURITY FIX: October 10, 2007
http://www.openbsd.org/errata42.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10904
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5337
http://www.redhat.com/support/errata/RHSA-2007-0813.html
http://www.redhat.com/support/errata/RHSA-2007-0964.html
http://www.redhat.com/support/errata/RHSA-2007-1003.html
http://www.securitytracker.com/id?1018755
http://secunia.com/advisories/22130
http://secunia.com/advisories/27012
http://secunia.com/advisories/27021
http://secunia.com/advisories/27031
http://secunia.com/advisories/27051
http://secunia.com/advisories/27078
http://secunia.com/advisories/27097
http://secunia.com/advisories/27186
http://secunia.com/advisories/27205
http://secunia.com/advisories/27217
http://secunia.com/advisories/27229
http://secunia.com/advisories/27330
http://secunia.com/advisories/27394
http://secunia.com/advisories/27851
http://secunia.com/advisories/27870
http://secunia.com/advisories/27961
http://secunia.com/advisories/28368
http://secunia.com/advisories/29242
http://secunia.com/advisories/30124
http://secunia.com/advisories/30161
http://secunia.com/advisories/31308
http://secunia.com/advisories/31326
http://secunia.com/advisories/31467
http://secunia.com/advisories/31489
http://securityreason.com/securityalert/3179
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103130-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200858-1
SuSE Security Announcement: SUSE-SR:2007:020 (Google Search)
http://www.novell.com/linux/security/advisories/2007_20_sr.html
SuSE Security Announcement: SUSE-SR:2008:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
https://usn.ubuntu.com/522-1/
http://www.vupen.com/english/advisories/2007/3325
http://www.vupen.com/english/advisories/2007/3625
http://www.vupen.com/english/advisories/2007/4042
http://www.vupen.com/english/advisories/2007/4144
http://www.vupen.com/english/advisories/2008/0064
http://www.vupen.com/english/advisories/2008/2268
http://www.vupen.com/english/advisories/2008/2361
http://www.vupen.com/english/advisories/2008/2362
XForce ISS Database: openssl-sslgetshared-bo(36837)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36837
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2022 E-Soft Inc. All rights reserved.