[openssl security] Off-by-one error in the DTLS implementation (CVE-2007-4995)
Bug #153085 reported by
Matti Lindell
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openssl (Ubuntu) |
Fix Released
|
High
|
Kees Cook | ||
| openssl097 (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: openssl
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f and 0.9.7 allow remote attackers to execute arbitrary code via unspecified vectors. http://
I couldn't find changelog entry describing CVE-2007-4995 as fixed, so it probably isn't yet.
Gutsy,Feisty,(Edgy) and Dapper are affected.
CVE References
| description: | updated |
Revision history for this message
| Kees Cook (kees) wrote | #1 |
| Changed in openssl: | |
| assignee: | nobody → keescook |
| status: | New → In Progress |
Revision history for this message
| Scott Kitterman (kitterman) wrote | #2 |
Revision history for this message
| Jason Levine (v-launchpad-net-site-masshole-us) wrote | #3 |
Revision history for this message
| Kees Cook (kees) wrote | #4 |
| Changed in openssl: | |
| status: | In Progress → Fix Committed |
| Changed in openssl: | |
| importance: | Undecided → High |
| status: | Fix Committed → Fix Released |
Revision history for this message
| Johan Kiviniemi (ion) wrote | #5 |
Revision history for this message
| Kees Cook (kees) wrote | #6 |
Revision history for this message
| Kees Cook (kees) wrote | #7 |
| Changed in openssl097: | |
| status: | New → Won't Fix |
To post a comment you must log in.
Thanks for the report! From what we've been able to tell, nothing is actually using the DTLS implementation yet, which makes this a less critical issue. But we will be releasing updates. :)