exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

CVE-2005-2969

Status Candidate

Overview

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

Related Files

HP Security Bulletin 2007-12.99
Posted Jan 27, 2007
Authored by Hewlett Packard | Site hp.com

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969
MD5 | b71604123ffa51275e2dd86b3674064f
HP Security Bulletin 2005-11.2
Posted Feb 13, 2006
Authored by Hewlett Packard, HP | Site hp.com

HP Security Bulletin - A potential security vulnerability has been identified in the SSL v2 implementation used in HP HTTP Server v5.9.6 that may allow a remote attacker to force the use of a weaker security protocol via a man-in-the-middle attack.

tags | advisory, remote, web, protocol
advisories | CVE-2005-2969
MD5 | 04c7e745be1b759d3e2316791b4988a4
Apple Security Advisory 2005-11-29
Posted Dec 2, 2005
Authored by Apple | Site apple.com

Apple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.

tags | advisory, vulnerability
systems | apple
advisories | CVE-2005-2088, CVE-2005-2700, CVE-2005-2757, CVE-2005-3185, CVE-2005-3700, CVE-2005-2969, CVE-2005-3701, CVE-2005-2491, CVE-2005-3702, CVE-2005-3703, CVE-2005-3705, CVE-2005-1993, CVE-2005-3704
MD5 | 00a5666bc4aeb1e3ee170e51604b41ac
SCOSA-2005.48.txt
Posted Nov 20, 2005
Authored by SCO | Site sco.com

SCO Security Advisory - A vulnerability has been found in OpenSSL which potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.

tags | advisory
advisories | CVE-2005-2969
MD5 | dfe0317c437e122cfe12f971e0e7475a
Debian Linux Security Advisory 882-1
Posted Nov 5, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 882-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2005-2969
MD5 | fa1a7899c558b61ee86e1aec231b6a49
Debian Linux Security Advisory 881-1
Posted Nov 4, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 881-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2005-2969
MD5 | 5462c15443d8a8bbf5cc624c9bc19dd4
Debian Linux Security Advisory 875-1
Posted Oct 30, 2005
Authored by Debian | Site security.debian.org

Debian Security Advisory DSA 875-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

tags | advisory, protocol
systems | linux, debian
advisories | CVE-2005-2969
MD5 | b2d3fc860c97bcfc7c1448a7f8132922
usn-204-1.txt
Posted Oct 18, 2005
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-204-1 - Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third party products, which is achieved by working around known bugs in them.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2005-2969
MD5 | 00eba36a3c5523730061055fdb878bfb
Gentoo Linux Security Advisory 200510-11
Posted Oct 13, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200510-11 - Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the SSL_OP_ALL option, that implies it) can be forced by a third-party to fallback to the less secure SSL 2.0 protocol, even if both parties support the more secure SSL 3.0 or TLS 1.0 protocols. Versions less than 0.9.8-r1 are affected.

tags | advisory, protocol
systems | linux, gentoo
advisories | CVE-2005-2969
MD5 | 23d500c36157990515aa297cf891def7
secadv_20051011.txt
Posted Oct 12, 2005
Site openssl.org

OpenSSL Security Advisory - A vulnerability has been found in all previously released versions of OpenSSL (all versions up to 0.9.7h and 0.9.8a). Versions 0.9.7h and 0.9.8a have been released to address the issue. The vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a man in the middle can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only.

tags | advisory, protocol
advisories | CVE-2005-2969
MD5 | d0a3014715e82fced4932596b8eade3c
Mandriva Linux Security Advisory 2005.179
Posted Oct 12, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - Yutaka Oiwa discovered vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.

tags | advisory
systems | linux, mandriva
advisories | CVE-2005-2946, CVE-2005-2969
MD5 | 6e8cf4d2bb9ed3be4ca6d8b33fa0b4da
Page 1 of 1
Back1Next

File Archive:

June 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    10 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    15 Files
  • 4
    Jun 4th
    25 Files
  • 5
    Jun 5th
    8 Files
  • 6
    Jun 6th
    0 Files
  • 7
    Jun 7th
    0 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close