CVE-2007-4995

Upstream information

CVE-2007-4995 at MITRE

Description

Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entry: 331726 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SR:2007:021, published Fri, 19 Oct 2007 17:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Server 11 SP1	`libopenssl0_9_8 >= 0.9.8h-30.27.11` `libopenssl0_9_8-32bit >= 0.9.8h-30.27.11` `libopenssl0_9_8-x86 >= 0.9.8h-30.27.11` `openssl >= 0.9.8h-30.27.11` `openssl-doc >= 0.9.8h-30.27.11`	Patchnames: SUSE Linux Enterprise Server 11 SP1 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP2	`libopenssl0_9_8 >= 0.9.8j-0.26.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.26.1` `libopenssl0_9_8-x86 >= 0.9.8j-0.26.1` `openssl >= 0.9.8j-0.26.1` `openssl-doc >= 0.9.8j-0.26.1`	Patchnames: SUSE Linux Enterprise Server 11 SP2 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP3	`libopenssl0_9_8 >= 0.9.8j-0.50.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.50.1` `libopenssl0_9_8-hmac >= 0.9.8j-0.50.1` `libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.50.1` `libopenssl0_9_8-x86 >= 0.9.8j-0.50.1` `openssl >= 0.9.8j-0.50.1` `openssl-doc >= 0.9.8j-0.50.1`	Patchnames: SUSE Linux Enterprise Server 11 SP3 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11 SP4	`libopenssl0_9_8 >= 0.9.8j-0.70.1` `libopenssl0_9_8-32bit >= 0.9.8j-0.70.1` `libopenssl0_9_8-hmac >= 0.9.8j-0.70.1` `libopenssl0_9_8-hmac-32bit >= 0.9.8j-0.70.1` `libopenssl0_9_8-x86 >= 0.9.8j-0.70.1` `openssl >= 0.9.8j-0.70.1` `openssl-doc >= 0.9.8j-0.70.1`	Patchnames: SUSE Linux Enterprise Server 11 SP4 GA libopenssl0_9_8
SUSE Linux Enterprise Server 11-SECURITY	`libopenssl1-devel >= 1.0.1g-0.12.1` `libopenssl1_0_0 >= 1.0.1g-0.12.1` `libopenssl1_0_0-32bit >= 1.0.1g-0.12.1` `openssl1 >= 1.0.1g-0.12.1` `openssl1-doc >= 1.0.1g-0.12.1`	Patchnames: SUSE Linux Enterprise Server 11-SECURITY GA libopenssl1-devel
SUSE Linux Enterprise Software Development Kit 11 SP4	`libopenssl-devel >= 0.9.8j-0.70.1`	Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA libopenssl-devel
SUSE LINUX 10.1	`openssl >= 0.9.8a-18.23` `openssl-32bit >= 0.9.8a-18.23` `openssl-64bit >= 0.9.8a-18.23` `openssl-devel >= 0.9.8a-18.23` `openssl-devel-32bit >= 0.9.8a-18.23` `openssl-devel-64bit >= 0.9.8a-18.23` `openssl-doc >= 0.9.8a-18.23`