Vulnerabilities > CVE-2005-2969 - Unspecified vulnerability in Openssl
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_60E26A403B2511DA948400123FFE8333.NASL description Vulnerability : Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 21435 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21435 title FreeBSD : openssl -- potential SSL 2.0 rollback (60e26a40-3b25-11da-9484-00123ffe8333) NASL family Fedora Local Security Checks NASL id FEDORA_2005-986.NASL description The remote Fedora Core host is missing one or more security updates : openssl-0.9.7f-7.10 : - Wed Oct 12 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7f-7.10 - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - more fixes for constant time/memory access for DSA signature algorithm - updated ICA engine patch - ca-bundle.crt should be config(noreplace) - add *.so.soversion as symlinks in /lib (#165264) - remove unpackaged symlinks (#159595) - fixes from upstream (bn assembler div on ppc arch, initialize memory on realloc) openssl097a-0.9.7a-3.1 : - Tue Oct 11 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7a-3.1 - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - more fixes for constant time/memory access for DSA signature algorithm - updated ICA engine patch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20023 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20023 title Fedora Core 4 : openssl-0.9.7f-7.10 / openssl097a-0.9.7a-3.1 (2005-986) NASL family Web Servers NASL id OPENSSL_0_9_7H_0_9_8A.NASL description According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7h or 0.9.8a. If the SSL_OP_MSIE_SSLV2_RSA_PADDING option is used, a remote attacker could force a client to downgrade to a weaker protocol and implement a man-in-the-middle attack. last seen 2020-06-01 modified 2020-06-02 plugin id 17755 published 2012-01-04 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17755 title OpenSSL < 0.9.7h / 0.9.8a Protocol Version Rollback NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_061.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:061 (openssl). The openssl cryptographic libraries have been updated to fix a protocol downgrading attack which allows a man-in-the-middle attacker to force the usage of SSLv2. This happens due to the work-around code of SSL_OP_MSIE_SSLV2_RSA_PADDING which is included in SSL_OP_ALL (which is commonly used in applications). (CVE-2005-2969) Additionally this update adds the Geotrusts Equifax Root1 CA certificate to allow correct certification against Novell Inc. websites and services. The same CA is already included in Mozilla, KDE, and curl, which use separate certificate stores. last seen 2019-10-28 modified 2005-10-20 plugin id 20064 published 2005-10-20 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20064 title SUSE-SA:2005:061: openssl NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0264.NASL description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Two denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849) Multiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969) Multiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542) Users of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43836 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43836 title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264) NASL family Solaris Local Security Checks NASL id SOLARIS10_121229-02.NASL description SunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07 last seen 2020-06-01 modified 2020-06-02 plugin id 107376 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107376 title Solaris 10 (sparc) : 121229-02 NASL family Solaris Local Security Checks NASL id SOLARIS10_121229.NASL description SunOS 5.10: libssl patch. Date this patch was last updated by Sun : Apr/23/07 last seen 2018-09-01 modified 2018-08-13 plugin id 20272 published 2005-12-07 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=20272 title Solaris 10 (sparc) : 121229-02 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-881.NASL description Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix explains which version in which distribution has this problem corrected. oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5 last seen 2020-06-01 modified 2020-06-02 plugin id 22747 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22747 title Debian DSA-881-1 : openssl096 - cryptographic weakness NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL5533.NASL description The remote BIG-IP device is missing a patch required by a security advisory. last seen 2020-06-01 modified 2020-06-02 plugin id 78206 published 2014-10-10 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78206 title F5 Networks BIG-IP : Potential protocol version rollback vulnerability in OpenSSL (SOL5533) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2005-286-01.NASL description New OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. Under certain conditions, an attacker acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 20017 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20017 title Slackware 10.0 / 10.1 / 10.2 / 8.1 / 9.0 / 9.1 / current : OpenSSL (SSA:2005-286-01) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-875.NASL description Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix explains which version in which distribution has this problem corrected. oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5 last seen 2020-06-01 modified 2020-06-02 plugin id 22741 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22741 title Debian DSA-875-1 : openssl094 - cryptographic weakness NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2005-009.NASL description The remote host is running Apple Mac OS X, but lacks Security Update 2005-009. This security update contains fixes for the following applications : - Apache2 - Apache_mod_ssl - CoreFoundation - curl - iodbcadmintool - OpenSSL - passwordserver - Safari - sudo - syslog last seen 2020-06-01 modified 2020-06-02 plugin id 20249 published 2005-11-30 reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20249 title Mac OS X Multiple Vulnerabilities (Security Update 2005-009) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0525.NASL description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib was discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 43838 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43838 title RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-204-1.NASL description Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third-party products, which is achieved by working around known bugs in them. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disabled a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 20620 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20620 title Ubuntu 4.10 / 5.04 / 5.10 : openssl vulnerability (USN-204-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-179.NASL description Yutaka Oiwa discovered vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third- party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 20039 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20039 title Mandrake Linux Security Advisory : openssl (MDKSA-2005:179) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-800.NASL description Updated OpenSSL packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. This work-around is enabled in most servers that use OpenSSL to provide support for SSL and TLS. Yutaka Oiwa discovered that this work-around could allow an attacker, acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 21861 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21861 title CentOS 3 / 4 : openssl (CESA-2005:800) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-762.NASL description An updated RealPlayer package that fixes a format string bug is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. RealPlayer is a media player that provides media playback locally and via streaming. A format string bug was discovered in the way RealPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running RealPlayer. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2710 to this issue. All users of RealPlayer are advised to upgrade to this updated package, which contains RealPlayer version 10.0.6 and is not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 63829 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63829 title RHEL 3 / 4 : RealPlayer (RHSA-2005:762) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-882.NASL description Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix explains which version in which distribution has this problem corrected. oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5 last seen 2020-06-01 modified 2020-06-02 plugin id 22748 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22748 title Debian DSA-882-1 : openssl095 - cryptographic weakness NASL family Fedora Local Security Checks NASL id FEDORA_2005-985.NASL description The remote Fedora Core host is missing one or more security updates : openssl-0.9.7a-42.2 : - Tue Oct 11 2005 Tomas Mraz <tmraz at redhat.com> 0.9.7a-42.2 - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - more fixes for constant time/memory access for DSA signature algorithm - updated ICA engine patch - install ca-bundle.crt as a config file openssl096b-0.9.6b-21.2 : - Thu Oct 6 2005 Tomas Mraz <tmraz at redhat.com> 0.9.6b-21.2 - fix CVE-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which disables the countermeasure against man in the middle attack in SSLv2 (#169863) - more fixes for constant time/memory access for DSA signature algorithm - replaced add-luna patch with new one with right license (#158061) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20022 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20022 title Fedora Core 3 : openssl-0.9.7a-42.2 / openssl096b-0.9.6b-21.2 (2005-985) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0629.NASL description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the Python repr() function last seen 2020-06-01 modified 2020-06-02 plugin id 43839 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43839 title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-800.NASL description Updated OpenSSL packages that fix various security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. This work-around is enabled in most servers that use OpenSSL to provide support for SSL and TLS. Yutaka Oiwa discovered that this work-around could allow an attacker, acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 20050 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20050 title RHEL 2.1 / 3 / 4 : openssl (RHSA-2005:800) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200510-11.NASL description The remote host is affected by the vulnerability described in GLSA-200510-11 (OpenSSL: SSL 2.0 protocol rollback) Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the SSL_OP_ALL option, that implies it) can be forced by a third-party to fallback to the less secure SSL 2.0 protocol, even if both parties support the more secure SSL 3.0 or TLS 1.0 protocols. Impact : A man-in-the-middle attacker can weaken the encryption used to communicate between two parties, potentially revealing sensitive information. Workaround : If possible, disable the use of SSL 2.0 in all OpenSSL-enabled applications. last seen 2020-06-01 modified 2020-06-02 plugin id 20031 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20031 title GLSA-200510-11 : OpenSSL: SSL 2.0 protocol rollback NASL family Debian Local Security Checks NASL id DEBIAN_DSA-888.NASL description Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0. The following matrix explains which version in which distribution has this problem corrected. oldstable (woody) stable (sarge) unstable (sid) openssl 0.9.6c-2.woody.8 0.9.7e-3sarge1 0.9.8-3 openssl094 0.9.4-6.woody.4 n/a n/a openssl095 0.9.5a-6.woody.6 n/a n/a openssl096 n/a 0.9.6m-1sarge1 n/a openssl097 n/a n/a 0.9.7g-5 last seen 2020-06-01 modified 2020-06-02 plugin id 22754 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22754 title Debian DSA-888-1 : openssl - cryptographic weakness
Oval
accepted | 2013-04-29T04:14:09.450-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||
description | The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. | ||||||||||||||||||||
family | unix | ||||||||||||||||||||
id | oval:org.mitre.oval:def:11454 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
title | The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. | ||||||||||||||||||||
version | 26 |
Redhat
advisories |
| ||||||||||||
rpms |
|
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf
- http://docs.info.apple.com/article.html?artnum=302847
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
- http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
- http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
- http://secunia.com/advisories/17146
- http://secunia.com/advisories/17151
- http://secunia.com/advisories/17153
- http://secunia.com/advisories/17169
- http://secunia.com/advisories/17178
- http://secunia.com/advisories/17180
- http://secunia.com/advisories/17189
- http://secunia.com/advisories/17191
- http://secunia.com/advisories/17210
- http://secunia.com/advisories/17259
- http://secunia.com/advisories/17288
- http://secunia.com/advisories/17335
- http://secunia.com/advisories/17344
- http://secunia.com/advisories/17389
- http://secunia.com/advisories/17409
- http://secunia.com/advisories/17432
- http://secunia.com/advisories/17466
- http://secunia.com/advisories/17589
- http://secunia.com/advisories/17617
- http://secunia.com/advisories/17632
- http://secunia.com/advisories/17813
- http://secunia.com/advisories/17888
- http://secunia.com/advisories/18045
- http://secunia.com/advisories/18123
- http://secunia.com/advisories/18165
- http://secunia.com/advisories/18663
- http://secunia.com/advisories/19185
- http://secunia.com/advisories/21827
- http://secunia.com/advisories/23280
- http://secunia.com/advisories/23340
- http://secunia.com/advisories/23843
- http://secunia.com/advisories/23915
- http://secunia.com/advisories/25973
- http://secunia.com/advisories/26893
- http://secunia.com/advisories/31492
- http://securitytracker.com/id?1015032
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1
- http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
- http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
- http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml
- http://www.debian.org/security/2005/dsa-875
- http://www.debian.org/security/2005/dsa-881
- http://www.debian.org/security/2005/dsa-882
- http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
- http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html
- http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:179
- http://www.novell.com/linux/security/advisories/2005_61_openssl.html
- http://www.openssl.org/news/secadv_20051011.txt
- http://www.redhat.com/support/errata/RHSA-2005-762.html
- http://www.redhat.com/support/errata/RHSA-2005-800.html
- http://www.redhat.com/support/errata/RHSA-2008-0629.html
- http://www.securityfocus.com/bid/15071
- http://www.securityfocus.com/bid/15647
- http://www.securityfocus.com/bid/24799
- http://www.vupen.com/english/advisories/2005/2036
- http://www.vupen.com/english/advisories/2005/2659
- http://www.vupen.com/english/advisories/2005/2710
- http://www.vupen.com/english/advisories/2005/2908
- http://www.vupen.com/english/advisories/2005/3002
- http://www.vupen.com/english/advisories/2005/3056
- http://www.vupen.com/english/advisories/2006/3531
- http://www.vupen.com/english/advisories/2007/0326
- http://www.vupen.com/english/advisories/2007/0343
- http://www.vupen.com/english/advisories/2007/2457
- http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35287
- https://issues.rpath.com/browse/RPL-1633
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454