CVE - CVE-2005-2969

CVE-ID
CVE-2005-2969	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1015032 URL:http://securitytracker.com/id?1015032 MISC:101974 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1~~ (Obsolete source) MISC:15071 URL:http://www.securityfocus.com/bid/15071 MISC:15647 URL:http://www.securityfocus.com/bid/15647 MISC:17146 URL:http://secunia.com/advisories/17146 MISC:17151 URL:http://secunia.com/advisories/17151 MISC:17153 URL:http://secunia.com/advisories/17153 MISC:17169 URL:http://secunia.com/advisories/17169 MISC:17178 URL:http://secunia.com/advisories/17178 MISC:17180 URL:http://secunia.com/advisories/17180 MISC:17189 URL:http://secunia.com/advisories/17189 MISC:17191 URL:http://secunia.com/advisories/17191 MISC:17210 URL:http://secunia.com/advisories/17210 MISC:17259 URL:http://secunia.com/advisories/17259 MISC:17288 URL:http://secunia.com/advisories/17288 MISC:17335 URL:http://secunia.com/advisories/17335 MISC:17344 URL:http://secunia.com/advisories/17344 MISC:17389 URL:http://secunia.com/advisories/17389 MISC:17409 URL:http://secunia.com/advisories/17409 MISC:17432 URL:http://secunia.com/advisories/17432 MISC:17466 URL:http://secunia.com/advisories/17466 MISC:17589 URL:http://secunia.com/advisories/17589 MISC:17617 URL:http://secunia.com/advisories/17617 MISC:17632 URL:http://secunia.com/advisories/17632 MISC:17813 URL:http://secunia.com/advisories/17813 MISC:17888 URL:http://secunia.com/advisories/17888 MISC:18045 URL:http://secunia.com/advisories/18045 MISC:18123 URL:http://secunia.com/advisories/18123 MISC:18165 URL:http://secunia.com/advisories/18165 MISC:18663 URL:http://secunia.com/advisories/18663 MISC:19185 URL:http://secunia.com/advisories/19185 MISC:20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback URL:http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml MISC:21827 URL:http://secunia.com/advisories/21827 MISC:23280 URL:http://secunia.com/advisories/23280 MISC:23340 URL:http://secunia.com/advisories/23340 MISC:23843 URL:http://secunia.com/advisories/23843 MISC:23915 URL:http://secunia.com/advisories/23915 MISC:24799 URL:http://www.securityfocus.com/bid/24799 MISC:25973 URL:http://secunia.com/advisories/25973 MISC:26893 URL:http://secunia.com/advisories/26893 MISC:31492 URL:http://secunia.com/advisories/31492 MISC:ADV-2005-2036 URL:~~http://www.vupen.com/english/advisories/2005/2036~~ (Obsolete source) MISC:ADV-2005-2659 URL:~~http://www.vupen.com/english/advisories/2005/2659~~ (Obsolete source) MISC:ADV-2005-2710 URL:~~http://www.vupen.com/english/advisories/2005/2710~~ (Obsolete source) MISC:ADV-2005-2908 URL:~~http://www.vupen.com/english/advisories/2005/2908~~ (Obsolete source) MISC:ADV-2005-3002 URL:~~http://www.vupen.com/english/advisories/2005/3002~~ (Obsolete source) MISC:ADV-2005-3056 URL:~~http://www.vupen.com/english/advisories/2005/3056~~ (Obsolete source) MISC:ADV-2006-3531 URL:~~http://www.vupen.com/english/advisories/2006/3531~~ (Obsolete source) MISC:ADV-2007-0326 URL:~~http://www.vupen.com/english/advisories/2007/0326~~ (Obsolete source) MISC:ADV-2007-0343 URL:~~http://www.vupen.com/english/advisories/2007/0343~~ (Obsolete source) MISC:ADV-2007-2457 URL:~~http://www.vupen.com/english/advisories/2007/2457~~ (Obsolete source) MISC:APPLE-SA-2005-11-29 URL:http://docs.info.apple.com/article.html?artnum=302847 MISC:DSA-875 URL:http://www.debian.org/security/2005/dsa-875 MISC:DSA-881 URL:http://www.debian.org/security/2005/dsa-881 MISC:DSA-882 URL:http://www.debian.org/security/2005/dsa-882 MISC:HPSBUX02174 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 MISC:HPSBUX02186 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 MISC:MDKSA-2005:179 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2005:179~~ (Obsolete source) MISC:RHSA-2005:762 URL:http://www.redhat.com/support/errata/RHSA-2005-762.html MISC:RHSA-2005:800 URL:http://www.redhat.com/support/errata/RHSA-2005-800.html MISC:RHSA-2008:0629 URL:http://www.redhat.com/support/errata/RHSA-2008-0629.html MISC:SSRT061239 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 MISC:SSRT071299 URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 MISC:SUSE-SA:2005:061 URL:http://www.novell.com/linux/security/advisories/2005_61_openssl.html MISC:TSLSA-2005-0059 URL:~~http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html~~ (Obsolete source - check if archived by the Wayback Machine) MISC:ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf URL:ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf MISC:hitachi-hicommand-security-bypass(35287) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/35287 MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm MISC:http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm MISC:http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 URL:http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 MISC:http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html URL:http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html MISC:http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html URL:http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html MISC:http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt URL:http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt MISC:http://www.openssl.org/news/secadv_20051011.txt URL:http://www.openssl.org/news/secadv_20051011.txt MISC:https://issues.rpath.com/browse/RPL-1633 URL:https://issues.rpath.com/browse/RPL-1633 MISC:oval:org.mitre.oval:def:11454 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454
Assigning CNA
Red Hat, Inc.
Date Record Created
20050919	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050919)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)