Revision Date: 2013-04-29
Version: 11
Title: The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
Description: The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
Family: unix
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2005-2969
Platform(s): CentOS Linux 3, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4
Product(s):

Definition Synopsis

OS Section: RHEL3, CentOS3
  RHEL3 or CentOS3
    The operating system installed on the system is Red Hat Enterprise Linux 3
    OR CentOS Linux 3.x
  AND Configuration section
    openssl-perl is earlier than 0:0.9.7a-33.17
    OR openssl-devel is earlier than 0:0.9.7a-33.17
    OR openssl is earlier than 0:0.9.7a-33.17
    OR openssl096b is earlier than 0:0.9.6b-16.22.4
OR OS Section: RHEL4, CentOS4, Oracle Linux 4
  RHEL4, CentOS4 or Oracle Linux 4
    The operating system installed on the system is Red Hat Enterprise Linux 4
    OR CentOS Linux 4.x
    OR Oracle Linux 4.x
  AND Configuration section
    openssl-perl is earlier than 0:0.9.7a-43.4
    OR openssl-devel is earlier than 0:0.9.7a-43.4
    OR openssl is earlier than 0:0.9.7a-43.4
    OR openssl096b is earlier than 0:0.9.6b-22.4