ID CVE-2005-2969
Summary The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
References
Vulnerable Configurations
  • cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
  • cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
accepted 2013-04-29T04:14:09.450-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
family unix
id oval:org.mitre.oval:def:11454
status accepted
submitted 2010-07-09T03:56:16-04:00
title The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2005:762
  • rhsa
    id RHSA-2005:800
  • rhsa
    id RHSA-2008:0629
refmap via4
apple APPLE-SA-2005-11-29
bid
  • 15071
  • 15647
  • 24799
cisco 20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback
confirm
debian
  • DSA-875
  • DSA-881
  • DSA-882
freebsd FreeBSD-SA-05:21
hp
  • HPSBUX02174
  • HPSBUX02186
  • SSRT061239
  • SSRT071299
mandriva MDKSA-2005:179
misc
sectrack 1015032
secunia
  • 17146
  • 17151
  • 17153
  • 17169
  • 17178
  • 17180
  • 17189
  • 17191
  • 17210
  • 17259
  • 17288
  • 17335
  • 17344
  • 17389
  • 17409
  • 17432
  • 17466
  • 17589
  • 17617
  • 17632
  • 17813
  • 17888
  • 18045
  • 18123
  • 18165
  • 18663
  • 19185
  • 21827
  • 23280
  • 23340
  • 23843
  • 23915
  • 25973
  • 26893
  • 31492
sunalert 101974
suse SUSE-SA:2005:061
trustix TSLSA-2005-0059
vupen
  • ADV-2005-2036
  • ADV-2005-2659
  • ADV-2005-2710
  • ADV-2005-2908
  • ADV-2005-3002
  • ADV-2005-3056
  • ADV-2006-3531
  • ADV-2007-0326
  • ADV-2007-0343
  • ADV-2007-2457
xf hitachi-hicommand-security-bypass(35287)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 03-05-2018 - 01:29
Published 18-10-2005 - 21:02
Back to Top