(IBM Issues Fix for HMC) OpenSSL Off-by-one Overflow in SL_get_shared_ciphers() Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1019061 |
|
SecurityTracker URL: http://securitytracker.com/id/1019061
|
|
CVE Reference:
CVE-2007-5135
(Links to External Site)
|
Date: Dec 7 2007
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
|
Description:
A vulnerability was reported in OpenSSL. A remote user can execute arbitrary code on the target system. IBM Hardware Management Console is affected.
A remote user can send specially crafted data to applications that use the SL_get_shared_ciphers() function trigger an off-by-one overflow and execute arbitrary code on the target system. The code will run with the privileges of the target service.
The vulnerability resides in 'ssl/ssl_lib.c'.
The vendor was notified on June 6, 2007.
Moritz Jodeit reported this vulnerability.
|
Impact:
A remote user can execute arbitrary code on the target system.
|
Solution:
IBM has issued a fix (APAR MB02223: PTF MH01064 for HMC Version 6 Release 1.3; APAR MB02226: PTF MH01065 for HMC Version 7 Release 3.2.0) for the Hardware Management Console, which is affected by this vulnerability.
APAR MH01062 is required for version 7 and APAR MH01012 is required for version 6.
The IBM advisories are available at:
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4037
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038
|
Cause:
Boundary error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Fri, 7 Dec 2007 15:00:26 -0500
Subject: IBM Hardware Management Console
|
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038
The following fixes are addressed in this PTF:
- Security fix CVE-2007-5135: openssl off-by-one overflow.
- Fix for security exposure in some HMC commands.
|
|
