Vulnerable software (CPE):
cpe:/a:openssl:openssl:0.9.7
cpe:/a:openssl:openssl:0.9.7:beta1
cpe:/a:openssl:openssl:0.9.7:beta2
cpe:/a:openssl:openssl:0.9.7:beta3
cpe:/a:openssl:openssl:0.9.7:beta4
cpe:/a:openssl:openssl:0.9.7:beta5
cpe:/a:openssl:openssl:0.9.7:beta6
cpe:/a:openssl:openssl:0.9.7a
cpe:/a:openssl:openssl:0.9.7b
cpe:/a:openssl:openssl:0.9.7c
cpe:/a:openssl:openssl:0.9.7d
cpe:/a:openssl:openssl:0.9.7e
cpe:/a:openssl:openssl:0.9.7f
cpe:/a:openssl:openssl:0.9.7g
cpe:/a:openssl:openssl:0.9.7h
cpe:/a:openssl:openssl:0.9.7i
cpe:/a:openssl:openssl:0.9.7j
cpe:/a:openssl:openssl:0.9.7k
cpe:/a:openssl:openssl:0.9.7l
cpe:/a:openssl:openssl:0.9.8
cpe:/a:openssl:openssl:0.9.8a
cpe:/a:openssl:openssl:0.9.8b
cpe:/a:openssl:openssl:0.9.8c
cpe:/a:openssl:openssl:0.9.8d
cpe:/a:openssl:openssl:0.9.8e
cpe:/a:openssl:openssl:0.9.8f

CVE ID: CVE-2007-5135
Published: 2007-09-27T16:17:00.000-04:00
Last modified: 2018-10-03T17:49:08.957-04:00

CVSS base score: 6.8
Access vector: NETWORK
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Source: http://nvd.nist.gov
Generated on: 2007-09-28T07:44:00.000-04:00
Security protection: ALLOWS_OTHER_ACCESS

References:
SECTRACK 1018755
SUNALERT 103130
BUGTRAQ 20070927 OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
BUGTRAQ 20071001 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
BUGTRAQ 20071003 FLEA-2007-0058-1 openssl openssl-scripts
BUGTRAQ 20071004 Re: OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow
BUGTRAQ 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
BUGTRAQ 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
SUNALERT 200858
SECUNIA 22130
BID 25831
SECUNIA 27012
SECUNIA 27021
SECUNIA 27031
SECUNIA 27051
SECUNIA 27078
SECUNIA 27097
SECUNIA 27186
SECUNIA 27205
SECUNIA 27217
SECUNIA 27229
SECUNIA 27330
SECUNIA 27394
SECUNIA 27851
SECUNIA 27870
SECUNIA 27961
SECUNIA 28368
SECUNIA 29242
SECUNIA 30124
SECUNIA 30161
SECUNIA 31308
SECUNIA 31326
SECUNIA 31467
SECUNIA 31489
SREASON 3179
VUPEN ADV-2007-3325
VUPEN ADV-2007-3625
VUPEN ADV-2007-4042
VUPEN ADV-2007-4144
VUPEN ADV-2008-0064
VUPEN ADV-2008-2268
VUPEN ADV-2008-2361
VUPEN ADV-2008-2362
APPLE APPLE-SA-2008-07-31
DEBIAN DSA-1379
FEDORA FEDORA-2007-725
FREEBSD FreeBSD-SA-07:08
GENTOO GLSA-200710-06
GENTOO GLSA-200805-07
HP HPSBUX02292
MANDRIVA MDKSA-2007:193
NETBSD NetBSD-SA2008-007
REDHAT RHSA-2007:0813
REDHAT RHSA-2007:0964
REDHAT RHSA-2007:1003
HP SSRT071499
SUSE SUSE-SR:2007:020
SUSE SUSE-SR:2008:005
UBUNTU USN-522-1
OPENBSD [4.0] 017: SECURITY FIX: October 10, 2007
OPENBSD [4.1] 011: SECURITY FIX: October 10, 2007
OPENBSD [4.2] 002: SECURITY FIX: October 10, 2007
MLIST [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2007-485.htm
CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0241
CONFIRM http://www.openssl.org/news/secadv_20071012.txt
CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0001.html
CONFIRM http://www.vmware.com/security/advisories/VMSA-2008-0013.html
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037
CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038
MISC https://bugs.gentoo.org/show_bug.cgi?id=194039
CONFIRM https://issues.rpath.com/browse/RPL-1769
CONFIRM https://issues.rpath.com/browse/RPL-1770
XF openssl-sslgetshared-bo(36837)

Summary:
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.