CVE-2005-2969

OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a - Protocol Version Rollback


Description

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

References (74)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15071
Vendor Advisory vendor-advisory x_refsource_cisco
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-1633
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2008-0629.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35287
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2005:179
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17259
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23915
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_61_openssl.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26893
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17389
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/3056
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2457
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17813
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18165
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23340
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18123
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-881
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2659
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24799
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-882
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17153
Various Sources vendor-advisory x_refsource_hp
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
Various Sources vendor-advisory x_refsource_trustix
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17191
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2908
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015032
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17344
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19185
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2036
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17589
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2710
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/3002
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31492
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17466
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17146
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17169
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0343
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23280
Vendor Advisory vendor-advisory x_refsource_apple
http://docs.info.apple.com/article.html?artnum=302847
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23843
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17189
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21827
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17288
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17632
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0326
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17409
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25973
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17888
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17210
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-875
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3531
Patch, Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20051011.txt
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17178
Various Sources vendor-advisory x_refsource_hp
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17432
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17180
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15647
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17335
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-762.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-800.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17151
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18663
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17617
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18045

Scores

EPSS 0.0939
EPSS Percentile 92.9%

Details

Status published
Products (9)
openssl/openssl 0.9.7
openssl/openssl 0.9.7a
openssl/openssl 0.9.7b
openssl/openssl 0.9.7c
openssl/openssl 0.9.7d
openssl/openssl 0.9.7e
openssl/openssl 0.9.7f
openssl/openssl 0.9.7g
openssl/openssl 0.9.8
Published Oct 18, 2005
Tracked Since Feb 18, 2026