CVE-2010-4180

OpenSSL <0.9.8q, 1.0.x <1.0.0c - Cipher Suite Downgrade


Description

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

References (50)

Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024822
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42473
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42571
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43170
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0268
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4723
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42493
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43173
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0032
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43171
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42620
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/522176
Broken Link, Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1029-1
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3120
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3122
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43169
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43172
Issue Tracking, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=132077688910227&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45164
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/69565
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=659462
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/737740
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42469
Issue Tracking, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=130497251507577&w=2
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42877
Broken Link, Patch x_refsource_confirm
http://cvs.openssl.org/chngview?cn=20131
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0977.html
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3134
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3188
Issue Tracking, Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=129916880600544&w=2
Permissions Required vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0076
Patch, Third Party Advisory x_refsource_confirm
http://openssl.org/news/secadv_20101202.txt
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0978.html
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44269
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0896.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2141
Permissions Required vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248
Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0979.html
Not Applicable third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42811

Scores

EPSS 0.0385
EPSS Percentile 88.3%

Details

Status published
Products (19)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 9.04
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
debian/debian_linux 5.0
f5/nginx < 0.9.2
fedoraproject/fedora 13
fedoraproject/fedora 14
openssl/openssl < 0.9.8q
... and 9 more
Published Dec 06, 2010
Tracked Since Feb 18, 2026