CVE - CVE-2005-2969

CVE-ID
CVE-2005-2969	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 MISC:http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt MISC:ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf CONFIRM:http://www.openssl.org/news/secadv_20051011.txt CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm CONFIRM:http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html CONFIRM:http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html CONFIRM:https://issues.rpath.com/browse/RPL-1633 APPLE:APPLE-SA-2005-11-29 URL:http://docs.info.apple.com/article.html?artnum=302847 CISCO:20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback URL:http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml DEBIAN:DSA-875 URL:http://www.debian.org/security/2005/dsa-875 DEBIAN:DSA-881 URL:http://www.debian.org/security/2005/dsa-881 DEBIAN:DSA-882 URL:http://www.debian.org/security/2005/dsa-882 FREEBSD:FreeBSD-SA-05:21 HP:HPSBUX02174 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 HP:SSRT061239 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 HP:HPSBUX02186 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 HP:SSRT071299 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 MANDRIVA:MDKSA-2005:179 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:179 REDHAT:RHSA-2005:800 URL:http://www.redhat.com/support/errata/RHSA-2005-800.html REDHAT:RHSA-2005:762 URL:http://www.redhat.com/support/errata/RHSA-2005-762.html REDHAT:RHSA-2008:0629 URL:http://www.redhat.com/support/errata/RHSA-2008-0629.html SUNALERT:101974 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1 SUSE:SUSE-SA:2005:061 URL:http://www.novell.com/linux/security/advisories/2005_61_openssl.html TRUSTIX:TSLSA-2005-0059 URL:http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html BID:15647 URL:http://www.securityfocus.com/bid/15647 BID:15071 URL:http://www.securityfocus.com/bid/15071 BID:24799 URL:http://www.securityfocus.com/bid/24799 OVAL:oval:org.mitre.oval:def:11454 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454 VUPEN:ADV-2005-2710 URL:http://www.vupen.com/english/advisories/2005/2710 VUPEN:ADV-2005-2908 URL:http://www.vupen.com/english/advisories/2005/2908 VUPEN:ADV-2005-2036 URL:http://www.vupen.com/english/advisories/2005/2036 VUPEN:ADV-2005-3002 URL:http://www.vupen.com/english/advisories/2005/3002 VUPEN:ADV-2005-3056 URL:http://www.vupen.com/english/advisories/2005/3056 VUPEN:ADV-2005-2659 URL:http://www.vupen.com/english/advisories/2005/2659 VUPEN:ADV-2006-3531 URL:http://www.vupen.com/english/advisories/2006/3531 VUPEN:ADV-2007-0326 URL:http://www.vupen.com/english/advisories/2007/0326 VUPEN:ADV-2007-0343 URL:http://www.vupen.com/english/advisories/2007/0343 VUPEN:ADV-2007-2457 URL:http://www.vupen.com/english/advisories/2007/2457 SECTRACK:1015032 URL:http://securitytracker.com/id?1015032 SECUNIA:17813 URL:http://secunia.com/advisories/17813 SECUNIA:17888 URL:http://secunia.com/advisories/17888 SECUNIA:18045 URL:http://secunia.com/advisories/18045 SECUNIA:17151 URL:http://secunia.com/advisories/17151 SECUNIA:18165 URL:http://secunia.com/advisories/18165 SECUNIA:18123 URL:http://secunia.com/advisories/18123 SECUNIA:17146 URL:http://secunia.com/advisories/17146 SECUNIA:17153 URL:http://secunia.com/advisories/17153 SECUNIA:17169 URL:http://secunia.com/advisories/17169 SECUNIA:17178 URL:http://secunia.com/advisories/17178 SECUNIA:17180 URL:http://secunia.com/advisories/17180 SECUNIA:17189 URL:http://secunia.com/advisories/17189 SECUNIA:17191 URL:http://secunia.com/advisories/17191 SECUNIA:17210 URL:http://secunia.com/advisories/17210 SECUNIA:17259 URL:http://secunia.com/advisories/17259 SECUNIA:17288 URL:http://secunia.com/advisories/17288 SECUNIA:17335 URL:http://secunia.com/advisories/17335 SECUNIA:17344 URL:http://secunia.com/advisories/17344 SECUNIA:17389 URL:http://secunia.com/advisories/17389 SECUNIA:17409 URL:http://secunia.com/advisories/17409 SECUNIA:17432 URL:http://secunia.com/advisories/17432 SECUNIA:17466 URL:http://secunia.com/advisories/17466 SECUNIA:17589 URL:http://secunia.com/advisories/17589 SECUNIA:17617 URL:http://secunia.com/advisories/17617 SECUNIA:17632 URL:http://secunia.com/advisories/17632 SECUNIA:18663 URL:http://secunia.com/advisories/18663 SECUNIA:19185 URL:http://secunia.com/advisories/19185 SECUNIA:21827 URL:http://secunia.com/advisories/21827 SECUNIA:23280 URL:http://secunia.com/advisories/23280 SECUNIA:23340 URL:http://secunia.com/advisories/23340 SECUNIA:23915 URL:http://secunia.com/advisories/23915 SECUNIA:23843 URL:http://secunia.com/advisories/23843 SECUNIA:25973 URL:http://secunia.com/advisories/25973 SECUNIA:26893 URL:http://secunia.com/advisories/26893 SECUNIA:31492 URL:http://secunia.com/advisories/31492 XF:hitachi-hicommand-security-bypass(35287) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35287
Assigning CNA
N/A
Date Entry Created
20050919	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050919)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org