SERVER-OTHER SSLv3 openssl get shared ciphers overflow attempt
Buffer overflow in the SSLgetshared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE
CVE-2006-3738:
CVSS base score 10.0
CVSS impact score 10.0
CVSS exploitability score 10.0
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
CVE-2007-5135:
CVSS base score 6.8
CVSS impact score 6.4
CVSS exploitability score 8.6
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
CVE-2006-3738: Buffer overflow in the SSLgetshared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.
CVE-2007-5135: Off-by-one error in the SSLgetshared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer underflow. NOTE: this issue was introduced as a result of a fix for CVE-2006-3738. As of 20071012, it is unknown whether code execution is possible.
CVE-2006-3738:
Access Vector NETWORK
Access Complexity LOW
Authentication NONE
CVE-2007-5135:
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
©2019 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
Privacy Policy | Snort License | FAQ | Sitemap
