FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-2969

This CVE name corresponds to:

Entered     Topic
2005-10-12  openssl -- potential SSL 2.0 rollback

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2005-2969
Phase  Assigned (20050919)

Description

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

References

Source Reference
MISC http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
MISC http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt
MISC ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf
CONFIRM http://www.openssl.org/news/secadv_20051011.txt
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
CONFIRM http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
CONFIRM http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html
CONFIRM https://issues.rpath.com/browse/RPL-1633
APPLE APPLE-SA-2005-11-29
CISCO 20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback
DEBIAN DSA-875
DEBIAN DSA-881
DEBIAN DSA-882
FREEBSD FreeBSD-SA-05:21
HP HPSBUX02174
HP SSRT061239
HP HPSBUX02186
HP SSRT071299
MANDRIVA MDKSA-2005:179
REDHAT RHSA-2005:800
REDHAT RHSA-2005:762
REDHAT RHSA-2008:0629
SUNALERT 101974
SUSE SUSE-SA:2005:061
TRUSTIX TSLSA-2005-0059
BID 15647
BID 15071
BID 24799
OVAL oval:org.mitre.oval:def:11454
VUPEN ADV-2005-2710
VUPEN ADV-2005-2908
VUPEN ADV-2005-2036
VUPEN ADV-2005-3002
VUPEN ADV-2005-3056
VUPEN ADV-2005-2659
VUPEN ADV-2006-3531
VUPEN ADV-2007-0326
VUPEN ADV-2007-0343
VUPEN ADV-2007-2457
SECTRACK 1015032
SECUNIA 17813
SECUNIA 17888
SECUNIA 18045
SECUNIA 17151
SECUNIA 18165
SECUNIA 18123
SECUNIA 17146
SECUNIA 17153
SECUNIA 17169
SECUNIA 17178
SECUNIA 17180
SECUNIA 17189
SECUNIA 17191
SECUNIA 17210
SECUNIA 17259
SECUNIA 17288
SECUNIA 17335
SECUNIA 17344
SECUNIA 17389
SECUNIA 17409
SECUNIA 17432
SECUNIA 17466
SECUNIA 17589
SECUNIA 17617
SECUNIA 17632
SECUNIA 18663
SECUNIA 19185
SECUNIA 21827
SECUNIA 23280
SECUNIA 23340
SECUNIA 23915
SECUNIA 23843
SECUNIA 25973
SECUNIA 26893
SECUNIA 31492
XF hitachi-hicommand-security-bypass(35287)