Vulnerability Name:

CVE-2005-2969 (CCN-22559)

Assigned:2005-10-11
Published:2005-10-11
Updated:2018-05-03
Summary:The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Data Manipulation
References:Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-05:21
Potential SSL 2.0 rollback

Source: MISC
Type: UNKNOWN
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf

Source: CCN
Type: BugTraq Mailing List, Fri Feb 10 2006 - 07:01:33 CST
[security bulletin] SSRT051102 rev.1 - HP HTTP Server Running on Windows, Forced Use of Weaker Security Protocol

Source: MITRE
Type: CNA
CVE-2005-2969

Source: APPLE
Type: UNKNOWN
APPLE-SA-2005-11-29

Source: HP
Type: UNKNOWN
HPSBUX02174

Source: HP
Type: UNKNOWN
SSRT071299

Source: TRUSTIX
Type: UNKNOWN
TSLSA-2005-0059

Source: CCN
Type: RHSA-2005-800
openssl security update

Source: CCN
Type: RHSA-2008-0264
Moderate: Red Hat Network Satellite Server Solaris client security update

Source: CCN
Type: RHSA-2008-0525
Moderate: Red Hat Network Satellite Server Solaris client security update

Source: CCN
Type: RHSA-2008-0629
Moderate: Red Hat Network Satellite Server Solaris client security update

Source: SECUNIA
Type: UNKNOWN
17146

Source: CCN
Type: SA17151
OpenSSL Potential SSL 2.0 Rollback Vulnerability

Source: SECUNIA
Type: UNKNOWN
17151

Source: SECUNIA
Type: UNKNOWN
17153

Source: CCN
Type: SA17169
Sun Solaris OpenSSL SSL 2.0 Rollback Vulnerability

Source: SECUNIA
Type: UNKNOWN
17169

Source: SECUNIA
Type: UNKNOWN
17178

Source: SECUNIA
Type: UNKNOWN
17180

Source: SECUNIA
Type: UNKNOWN
17189

Source: SECUNIA
Type: UNKNOWN
17191

Source: SECUNIA
Type: UNKNOWN
17210

Source: SECUNIA
Type: UNKNOWN
17259

Source: SECUNIA
Type: UNKNOWN
17288

Source: SECUNIA
Type: UNKNOWN
17335

Source: SECUNIA
Type: UNKNOWN
17344

Source: CCN
Type: SA17389
NetBSD Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
17389

Source: CCN
Type: SA17409
Serv-U FTP Server Potential Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
17409

Source: CCN
Type: SA17432
Blue Coat Products OpenSSL SSL 2.0 Rollback Vulnerability

Source: SECUNIA
Type: UNKNOWN
17432

Source: CCN
Type: SA17466
Astaro WebAdmin SSL 2.0 Rollback Vulnerability

Source: SECUNIA
Type: UNKNOWN
17466

Source: SECUNIA
Type: UNKNOWN
17589

Source: CCN
Type: SA17617
Astaro Security Linux ISAKMP and SSL 2.0 Rollback Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
17617

Source: CCN
Type: SA17632
Astaro WebAdmin SSL 2.0 Rollback and PPTP Denial of Service

Source: SECUNIA
Type: UNKNOWN
17632

Source: CCN
Type: SA17813
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
17813

Source: CCN
Type: SA17888
Cisco Products OpenSSL Potential SSL 2.0 Rollback Vulnerability

Source: SECUNIA
Type: UNKNOWN
17888

Source: CCN
Type: SA18045
HP Web-Enabled Management Software Potential SSL 2.0 Rollback Vulnerability

Source: SECUNIA
Type: UNKNOWN
18045

Source: CCN
Type: SA18123
Juniper IVE OS Potential SSL 2.0 Rollback Vulnerability

Source: SECUNIA
Type: UNKNOWN
18123

Source: CCN
Type: SA18165
IBM HMC OpenSSL Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
18165

Source: CCN
Type: SA18663
Avaya Intuity Audix OpenSSL Potential SSL 2.0 Rollback

Source: SECUNIA
Type: UNKNOWN
18663

Source: SECUNIA
Type: UNKNOWN
19185

Source: CCN
Type: SA21827
IBM Director OpenSSL Potential SSL 2.0 Rollback Vulnerability

Source: SECUNIA
Type: UNKNOWN
21827

Source: SECUNIA
Type: UNKNOWN
23280

Source: CCN
Type: SA23340
Avaya PDS HP-UX Secure Shell / OpenSSL Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
23340

Source: CCN
Type: SA23843
Hitachi Web Server Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
23843

Source: SECUNIA
Type: UNKNOWN
23915

Source: CCN
Type: SA25973
Hitachi JP1/HiCommand Series Two Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
25973

Source: CCN
Type: SA26893
rPath update for openssl

Source: SECUNIA
Type: UNKNOWN
26893

Source: SECUNIA
Type: UNKNOWN
31492

Source: CCN
Type: SECTRACK ID: 1015032
OpenSSL SSL_OP_MSIE_SSLV2_RSA_PADDING Option May Let Remote Users Rollback the Protocol Version

Source: SECTRACK
Type: UNKNOWN
1015032

Source: SUNALERT
Type: UNKNOWN
101974

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm

Source: CCN
Type: ASA-2006-031
OpenSSL Potential SSL 2.0 Rollback Vulnerability (SCOSA-2005.48)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm

Source: CCN
Type: ASA-2006-260
HP-UX OpenSSL Denial of Service (DoS) Increase Privilege (HPSBUX02174)

Source: CCN
Type: ASA-2007-018
HP-UX Apache Remote Execution of Arbitrary Code Denial of Service (DoS) and Unauthorized Access (HPSBUX02186)

Source: CCN
Type: IBM Support & downloads
Fixes to leap second handling, new DST time and openssl for Power4 HMC V3R3.6 (Doc Number=2312)

Source: MISC
Type: UNKNOWN
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754

Source: CCN
Type: Blue Coat Web site
OpenSSL 2.0 Rollback Vulnerability CAN-2005-2969

Source: CCN
Type: Cisco Security Notice 68324
Response to OpenSSL - Potential SSL 2.0 Rollback

Source: CISCO
Type: UNKNOWN
20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback

Source: DEBIAN
Type: UNKNOWN
DSA-875

Source: DEBIAN
Type: UNKNOWN
DSA-881

Source: DEBIAN
Type: UNKNOWN
DSA-882

Source: DEBIAN
Type: DSA-875
openssl094 -- cryptographic weakness

Source: DEBIAN
Type: DSA-881
openssl096 -- cryptographic weakness

Source: DEBIAN
Type: DSA-882
openssl095 -- cryptographic weakness

Source: DEBIAN
Type: DSA-888
openssl -- cryptographic weakness

Source: CCN
Type: GLSA-200510-11
OpenSSL: SSL 2.0 protocol rollback

Source: CONFIRM
Type: UNKNOWN
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html

Source: CONFIRM
Type: UNKNOWN
http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html

Source: CCN
Type: IBM Security Bulletin 1693035
Multiple vulnerabilities in AppScan Enterprise (CVE-2014-6135, CVE-2014-6119, CVE-2014-6122, CVE-2014-6121, CVE-2013-2566, CVE-2005-2969)

Source: CCN
Type: Juniper Security Bulletin PSN-2005-12-025
IVE potential SSL 2.0 rollback

Source: MISC
Type: UNKNOWN
http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:179

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:061

Source: CCN
Type: OpenPKG-SA-2005.022
OpenSSL

Source: CCN
Type: OpenSSL Web site
OpenSSL:The Open Source toolkit for SSL/TLS

Source: CCN
Type: OpenSSL Security Advisory 20051011
Potential SSL 2.0 Rollback (CAN-2005-2969)

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.openssl.org/news/secadv_20051011.txt

Source: REDHAT
Type: UNKNOWN
RHSA-2005:762

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:800

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0629

Source: BID
Type: UNKNOWN
15071

Source: CCN
Type: BID-15071
OpenSSL Insecure Protocol Negotiation Weakness

Source: BID
Type: UNKNOWN
15647

Source: CCN
Type: BID-15647
RETIRED: Apple Mac OS X Security Update 2005-009 Multiple Vulnerabilities

Source: BID
Type: UNKNOWN
24799

Source: CCN
Type: BID-24799
JP1/HiCommand Series Products OpenSSL Insecure Protocol Negotiation Weakness

Source: CCN
Type: TLSA-2007-52
Multiple vulnerabilities exist in openssl

Source: CCN
Type: USN-204-1
SSL library vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-2036

Source: VUPEN
Type: UNKNOWN
ADV-2005-2659

Source: VUPEN
Type: UNKNOWN
ADV-2005-2710

Source: VUPEN
Type: UNKNOWN
ADV-2005-2908

Source: VUPEN
Type: UNKNOWN
ADV-2005-3002

Source: VUPEN
Type: UNKNOWN
ADV-2005-3056

Source: VUPEN
Type: UNKNOWN
ADV-2006-3531

Source: VUPEN
Type: UNKNOWN
ADV-2007-0326

Source: VUPEN
Type: UNKNOWN
ADV-2007-0343

Source: VUPEN
Type: UNKNOWN
ADV-2007-2457

Source: XF
Type: UNKNOWN
openssl-mitm(22559)

Source: XF
Type: UNKNOWN
hitachi-hicommand-security-bypass(35287)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-1633

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11454

Source: SUSE
Type: SUSE-SA:2005:061
openssl: protocol downgrade attack

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*
  • OR cpe:/a:openssl:openssl:0.9.8:*:*:*:*:*:*:*
  • AND
  • cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:bluecoat:cacheos:4.0.14:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_common_services:3.0:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:gss_4480_global_site_selector:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:gss_4490_global_site_selector:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:gss_4491_global_site_selector:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:personal:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:multimedia:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*
  • OR cpe:/a:cisco:ciscoworks_common_services:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/h:cisco:wireless_control_system:3.2(40):*:*:*:*:*:*:*
  • OR cpe:/h:cisco:wireless_control_system:3.2(51):*:*:*:*:*:*:*
  • OR cpe:/o:bluecoat:cacheos:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:bluecoat:cacheos:4.1.6:*:*:*:*:*:*:*
  • OR cpe:/o:bluecoat:security_gateway_os:-:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios_xr:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.7.0.0:-:enterprise:*:*:*:*:*
  • OR cpe:/a:ibm:security_appscan:8.7.0.0:-:enterprise:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20052969
    V
    CVE-2005-2969
    2015-11-16
    oval:org.mitre.oval:def:11454
    V
    The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
    2013-04-29
    oval:org.debian:def:888
    V
    cryptographic weakness
    2005-11-07
    oval:org.debian:def:881
    V
    cryptographic weakness
    2005-11-04
    oval:org.debian:def:882
    V
    cryptographic weakness
    2005-11-04
    oval:org.debian:def:875
    V
    cryptographic weakness
    2005-10-27
    oval:com.redhat.rhsa:def:20050800
    P
    RHSA-2005:800: openssl security update (Moderate)
    2005-10-11
    BACK
    openssl openssl 0.9.7
    openssl openssl 0.9.7a
    openssl openssl 0.9.7b
    openssl openssl 0.9.7c
    openssl openssl 0.9.7d
    openssl openssl 0.9.7e
    openssl openssl 0.9.7f
    openssl openssl 0.9.7g
    openssl openssl 0.9.8
    openssl openssl 0.9.7a
    openssl openssl 0.9.7
    openssl openssl 0.9.7b
    openssl openssl 0.9.7c
    openssl openssl 0.9.7d
    openssl openssl 0.9.7e
    openssl openssl 0.9.7f
    openssl openssl 0.9.7g
    openssl openssl 0.9.8
    freebsd freebsd *
    bluecoat cacheos 4.0.14
    debian debian linux 3.0
    openpkg openpkg current
    gentoo linux *
    suse linux enterprise server 8
    mandrakesoft mandrake linux corporate server 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    suse suse linux 9.0
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    suse suse linux 9.1
    redhat enterprise linux 3
    suse suse linux 9.2
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    novell linux desktop 9
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    novell open enterprise server *
    mandrakesoft mandrake multi network firewall 2.0
    suse suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    cisco ciscoworks common services 3.0
    cisco gss 4480 global site selector *
    cisco gss 4490 global site selector *
    cisco gss 4491 global site selector *
    suse linux enterprise server 9
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux fuji
    turbolinux turbolinux personal *
    turbolinux turbolinux multimedia *
    mandrakesoft mandrake linux corporate server 2.1
    cisco ciscoworks common services 2.2
    novell open enterprise server *
    cisco wireless control system 3.2(40)
    cisco wireless control system 3.2(51)
    bluecoat cacheos 4.0
    bluecoat cacheos 4.1.6
    bluecoat security gateway os -
    cisco ios xr 3.0
    suse suse linux 9.3
    ibm security appscan 8.5.0.0 -
    ibm security appscan 8.6.0.0 -
    ibm security appscan 8.7.0.0 -
    ibm security appscan 8.7.0.0 -