Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-2969
Last Modified: 07 Mar 2011 09:25:22
Published: 18 Oct 2005 05:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-2969

Summary

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

Vulnerable Systems

Application

  • OpenSSL 0.9.7
  • OpenSSL 0.9.7a
  • OpenSSL 0.9.7b
  • OpenSSL 0.9.7c
  • OpenSSL 0.9.7d
  • OpenSSL 0.9.7e
  • OpenSSL 0.9.7f
  • OpenSSL 0.9.7g
  • OpenSSL 0.9.8


References

CONFIRM - http://www.openssl.org/news/secadv_20051011.txt

VUPEN - ADV-2007-2457

VUPEN - ADV-2007-0343

VUPEN - ADV-2007-0326

VUPEN - ADV-2006-3531

VUPEN - ADV-2005-3056

VUPEN - ADV-2005-3002

VUPEN - ADV-2005-2908

VUPEN - ADV-2005-2710

VUPEN - ADV-2005-2659

VUPEN - ADV-2005-2036

BID - 15647

BID - 15071

REDHAT - RHSA-2008:0629

REDHAT - RHSA-2005:800

REDHAT - RHSA-2005:762

SUSE - SUSE-SA:2005:061

MANDRIVA - MDKSA-2005:179

MISC - http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt

DEBIAN - DSA-882

DEBIAN - DSA-881

DEBIAN - DSA-875

CISCO - 20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback

MISC - http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm

SECTRACK - 1015032

SECUNIA - 31492

SECUNIA - 19185

SECUNIA - 18663

SECUNIA - 18165

SECUNIA - 18123

SECUNIA - 18045

SECUNIA - 17888

SECUNIA - 17813

SECUNIA - 17632

SECUNIA - 17617

SECUNIA - 17589

SECUNIA - 17466

SECUNIA - 17432

SECUNIA - 17409

SECUNIA - 17389

SECUNIA - 17344

SECUNIA - 17335

SECUNIA - 17288

SECUNIA - 17259

SECUNIA - 17210

SECUNIA - 17191

SECUNIA - 17189

SECUNIA - 17180

SECUNIA - 17178

SECUNIA - 17169

SECUNIA - 17153

SECUNIA - 17151

SECUNIA - 17146

TRUSTIX - TSLSA-2005-0059

HP - SSRT071299

HP - SSRT061239

APPLE - APPLE-SA-2005-11-29

CONFIRM - https://issues.rpath.com/browse/RPL-1633

XF - hitachi-hicommand-security-bypass(35287)

BID - 24799

CONFIRM - http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html

CONFIRM - http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm

SUNALERT - 101974

SECUNIA - 26893

SECUNIA - 25973

SECUNIA - 23915

SECUNIA - 23843

SECUNIA - 23340

SECUNIA - 23280

SECUNIA - 21827

HP - HPSBUX02174

MISC - ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf

HP - HPSBUX02186


Last Updated: 27 May 2016 10:55:10