Vulnerabilities > CVE-2005-2969 - Unspecified vulnerability in Openssl

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
openssl
nessus

Summary

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_60E26A403B2511DA948400123FFE8333.NASL
    descriptionVulnerability : Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a
    last seen2020-06-01
    modified2020-06-02
    plugin id21435
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21435
    titleFreeBSD : openssl -- potential SSL 2.0 rollback (60e26a40-3b25-11da-9484-00123ffe8333)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-986.NASL
    descriptionThe remote Fedora Core host is missing one or more security updates : openssl-0.9.7f-7.10 : - Wed Oct 12 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7f-7.10 - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - more fixes for constant time/memory access for DSA signature algorithm - updated ICA engine patch - ca-bundle.crt should be config(noreplace) - add *.so.soversion as symlinks in /lib (#165264) - remove unpackaged symlinks (#159595) - fixes from upstream (bn assembler div on ppc arch, initialize memory on realloc) openssl097a-0.9.7a-3.1 : - Tue Oct 11 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7a-3.1 - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - more fixes for constant time/memory access for DSA signature algorithm - updated ICA engine patch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20023
    published2005-10-19
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20023
    titleFedora Core 4 : openssl-0.9.7f-7.10 / openssl097a-0.9.7a-3.1 (2005-986)
  • NASL familyWeb Servers
    NASL idOPENSSL_0_9_7H_0_9_8A.NASL
    descriptionAccording to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7h or 0.9.8a. If the SSL_OP_MSIE_SSLV2_RSA_PADDING option is used, a remote attacker could force a client to downgrade to a weaker protocol and implement a man-in-the-middle attack.
    last seen2020-06-01
    modified2020-06-02
    plugin id17755
    published2012-01-04
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17755
    titleOpenSSL < 0.9.7h / 0.9.8a Protocol Version Rollback
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_061.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:061 (openssl). The openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included in SSL_OP_ALL (which is commonly used in applications). (CVE-2005-2969) Additionally this update adds the Geotrusts Equifax Root1 CA certificate to allow correct certification against Novell Inc. websites and services. The same CA is already included in Mozilla, KDE, and curl, which use separate certificate stores.
    last seen2019-10-28
    modified2005-10-20
    plugin id20064
    published2005-10-20
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20064
    titleSUSE-SA:2005:061: openssl
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0264.NASL
    descriptionRed Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Two denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849) Multiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969) Multiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542) Users of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id43836
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43836
    titleRHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_121229-02.NASL
    descriptionSunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen2020-06-01
    modified2020-06-02
    plugin id107376
    published2018-03-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/107376
    titleSolaris 10 (sparc) : 121229-02
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS10_121229.NASL
    descriptionSunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07
    last seen2018-09-01
    modified2018-08-13
    plugin id20272
    published2005-12-07
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=20272
    titleSolaris 10 (sparc) : 121229-02
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-881.NASL
    descriptionYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix explains which version in which distribution has this problem corrected. oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5
    last seen2020-06-01
    modified2020-06-02
    plugin id22747
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22747
    titleDebian DSA-881-1 : openssl096 - cryptographic weakness
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL5533.NASL
    descriptionThe remote BIG-IP device is missing a patch required by a security advisory.
    last seen2020-06-01
    modified2020-06-02
    plugin id78206
    published2014-10-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78206
    titleF5 Networks BIG-IP : Potential protocol version rollback vulnerability in OpenSSL (SOL5533)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2005-286-01.NASL
    descriptionNew OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. Under certain conditions, an attacker acting as a
    last seen2020-06-01
    modified2020-06-02
    plugin id20017
    published2005-10-19
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20017
    titleSlackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : OpenSSL (SSA:2005-286-01)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-875.NASL
    descriptionYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix explains which version in which distribution has this problem corrected. oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5
    last seen2020-06-01
    modified2020-06-02
    plugin id22741
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22741
    titleDebian DSA-875-1 : openssl094 - cryptographic weakness
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2005-009.NASL
    descriptionThe remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications : - Apache2 - Apache_mod_ssl - CoreFoundation - curl - iodbcadmintool - OpenSSL - passwordserver - Safari - sudo - syslog
    last seen2020-06-01
    modified2020-06-02
    plugin id20249
    published2005-11-30
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20249
    titleMac OS X Multiple Vulnerabilities (Security Update 2005-009)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0525.NASL
    descriptionRed Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib was discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a
    last seen2020-06-01
    modified2020-06-02
    plugin id43838
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43838
    titleRHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-204-1.NASL
    descriptionYutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third-party products, which is achieved by working around known bugs in them. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disabled a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a
    last seen2020-06-01
    modified2020-06-02
    plugin id20620
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20620
    titleUbuntu 4.10 / 5.04 / 5.10 : openssl vulnerability (USN-204-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-179.NASL
    descriptionYutaka Oiwa discovered vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third- party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a
    last seen2020-06-01
    modified2020-06-02
    plugin id20039
    published2005-10-19
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20039
    titleMandrake Linux Security Advisory : openssl (MDKSA-2005:179)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-800.NASL
    descriptionUpdated OpenSSL packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. This work-around is enabled in most servers that use OpenSSL to provide support for SSL and TLS. Yutaka Oiwa discovered that this work-around could allow an attacker, acting as a
    last seen2020-06-01
    modified2020-06-02
    plugin id21861
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21861
    titleCentOS 3 / 4 : openssl (CESA-2005:800)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-762.NASL
    descriptionAn updated RealPlayer package that fixes a format string bug is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. RealPlayer is a media player that provides media playback locally and via streaming. A format string bug was discovered in the way RealPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue. All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.6 and is not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id63829
    published2013-01-24
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/63829
    titleRHEL 3 / 4 : RealPlayer (RHSA-2005:762)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-882.NASL
    descriptionYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix explains which version in which distribution has this problem corrected. oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5
    last seen2020-06-01
    modified2020-06-02
    plugin id22748
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22748
    titleDebian DSA-882-1 : openssl095 - cryptographic weakness
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-985.NASL
    descriptionThe remote Fedora Core host is missing one or more security updates : openssl-0.9.7a-42.2 : - Tue Oct 11 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7a-42.2 - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - more fixes for constant time/memory access for DSA signature algorithm - updated ICA engine patch - install ca-bundle.crt as a config file openssl096b-0.9.6b-21.2 : - Thu Oct 6 2005 Tomas Mraz <tmraz at redhat.com> 0.9.6b-21.2 - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - more fixes for constant time/memory access for DSA signature algorithm - replaced add-luna patch with new one with right license (#158061) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20022
    published2005-10-19
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20022
    titleFedora Core 3 : openssl-0.9.7a-42.2 / openssl096b-0.9.6b-21.2 (2005-985)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0629.NASL
    descriptionRed Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the Python repr() function
    last seen2020-06-01
    modified2020-06-02
    plugin id43839
    published2010-01-10
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43839
    titleRHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-800.NASL
    descriptionUpdated OpenSSL packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. This work-around is enabled in most servers that use OpenSSL to provide support for SSL and TLS. Yutaka Oiwa discovered that this work-around could allow an attacker, acting as a
    last seen2020-06-01
    modified2020-06-02
    plugin id20050
    published2005-10-19
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20050
    titleRHEL 2.1 / 3 / 4 : openssl (RHSA-2005:800)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200510-11.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200510-11 (OpenSSL: SSL 2.0 protocol rollback) Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the SSL_OP_ALL option, that implies it) can be forced by a third-party to fallback to the less secure SSL 2.0 protocol, even if both parties support the more secure SSL 3.0 or TLS 1.0 protocols. Impact : A man-in-the-middle attacker can weaken the encryption used to communicate between two parties, potentially revealing sensitive information. Workaround : If possible, disable the use of SSL 2.0 in all OpenSSL-enabled applications.
    last seen2020-06-01
    modified2020-06-02
    plugin id20031
    published2005-10-19
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20031
    titleGLSA-200510-11 : OpenSSL: SSL 2.0 protocol rollback
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-888.NASL
    descriptionYutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix explains which version in which distribution has this problem corrected. oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5
    last seen2020-06-01
    modified2020-06-02
    plugin id22754
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22754
    titleDebian DSA-888-1 : openssl - cryptographic weakness

Oval

accepted2013-04-29T04:14:09.450-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionThe SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
familyunix
idoval:org.mitre.oval:def:11454
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
version26

Redhat

advisories
  • rhsa
    idRHSA-2005:762
  • rhsa
    idRHSA-2005:800
  • rhsa
    idRHSA-2008:0629
rpms
  • openssl-0:0.9.7a-33.17
  • openssl-0:0.9.7a-43.4
  • openssl-debuginfo-0:0.9.7a-33.17
  • openssl-debuginfo-0:0.9.7a-43.4
  • openssl-devel-0:0.9.7a-33.17
  • openssl-devel-0:0.9.7a-43.4
  • openssl-perl-0:0.9.7a-33.17
  • openssl-perl-0:0.9.7a-43.4
  • openssl096b-0:0.9.6b-16.22.4
  • openssl096b-0:0.9.6b-22.4
  • openssl096b-debuginfo-0:0.9.6b-16.22.4
  • openssl096b-debuginfo-0:0.9.6b-22.4
  • rhn-solaris-bootstrap-0:5.0.2-3
  • rhn_solaris_bootstrap_5_0_2_3-0:1-0
  • rhn-solaris-bootstrap-0:5.0.2-3
  • rhn_solaris_bootstrap_5_0_2_3-0:1-0
  • rhn-solaris-bootstrap-0:5.1.1-3
  • rhn_solaris_bootstrap_5_1_1_3-0:1-0

Statements

contributorMark J Cox
lastmodified2007-03-14
organizationRed Hat
statementRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References