CVE-2004-2761
CVSS 5.0
Published: 2009-01-05 15:30:02
Last revised: 2016-11-21 21:59:01

[Original] The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.


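[CNNVD] IETF X.509 certificate MD5 signature collision vulnerability (CNNVD-200901-025)

        X.509 is a digital certificate standard defined by the International Telecommunication Union (ITU-T).
        Collisions may exist in the MD5 hash algorithm, so X.509 digital certificates signed with this algorithm are not secure. An attacker can generate an additional digital certificate whose content differs from the source certificate but whose digital signature is the same. If a web browser trusts the forged certificate, the attacker can impersonate a trusted site, including e-commerce sites encrypted with HTTPS.
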

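- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Access complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need intranet or local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (weakness category)

CWE-310 [Cryptographic Issues]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found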

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2761
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2761
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200901-025
(Official data source) CNNVD

- Other links and resources

http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
(UNKNOWN)  MISC  http://blog.mozilla.com/security/2008/12/30/md5-weaknesses-could-lead-to-certificate-forgery/
http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
(UNKNOWN)  MISC  http://blogs.technet.com/swi/archive/2008/12/30/information-regarding-md5-collisions-problem.aspx
http://securityreason.com/securityalert/4866
(UNKNOWN)  SREASON  4866
http://securitytracker.com/id?1024697
(UNKNOWN)  SECTRACK  1024697
http://www.cisco.com/en/US/products/products_security_response09186a0080a5d24a.html
(UNKNOWN)  CISCO  20090115 MD5 Hashes May Allow for Certificate Spoofing
http://www.doxpara.com/research/md5/md5_someday.pdf
(UNKNOWN)  MISC  http://www.doxpara.com/research/md5/md5_someday.pdf
http://www.kb.cert.org/vuls/id/836068
(UNKNOWN)  CERT-VN  VU#836068
http://www.microsoft.com/technet/security/advisory/961509.mspx
(UNKNOWN)  MISC  http://www.microsoft.com/technet/security/advisory/961509.mspx
http://www.phreedom.org/research/rogue-ca/
(UNKNOWN)  MISC  http://www.phreedom.org/research/rogue-ca/
http://www.securityfocus.com/archive/1/archive/1/499685/100/0/threaded
(UNKNOWN)  BUGTRAQ  20081230 MD5 Considered Harmful Today: Creating a rogue CA certificate
http://www.securityfocus.com/bid/33065
(UNKNOWN)  BID  33065
http://www.ubuntu.com/usn/usn-740-1
(UNKNOWN)  UBUNTU  USN-740-1
http://www.win.tue.nl/hashclash/rogue-ca/
(UNKNOWN)  MISC  http://www.win.tue.nl/hashclash/rogue-ca/
http://www.win.tue.nl/hashclash/SoftIntCodeSign/
(UNKNOWN)  MISC  http://www.win.tue.nl/hashclash/SoftIntCodeSign/
https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
(UNKNOWN)  MISC  https://blogs.verisign.com/ssl-blog/2008/12/on_md5_vulnerabilities_and_mit.php
https://bugzilla.redhat.com/show_bug.cgi?id=648886
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/show_bug.cgi?id=648886
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
(UNKNOWN)  CONFIRM  https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05289935
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
(UNKNOWN)  CONFIRM  https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05336888
https://rhn.redhat.com/errata/RHSA-2010-0837.html
(UNKNOWN)  REDHAT  RHSA-2010:0837
https://rhn.redhat.com/errata/RHSA-2010-0838.html
(UNKNOWN)  REDHAT  RHSA-2010:0838
https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00096.html
(UNKNOWN)  FEDORA  FEDORA-2009-1276

- Vulnerability information

IETF X.509 certificate MD5 signature collision vulnerability
Medium severity; cryptographic issue
2009-01-05 00:00:00 2009-03-20 00:00:00
Remote

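- Advisories and patches

        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:
        http://www.ietf.org/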

- Vulnerability information (F75815)

Ubuntu Security Notice 740-1 (PacketStormID:F75815)
2009-03-18 00:00:00
Ubuntu  security.ubuntu.com
advisory,web,proof of concept
linux,ubuntu
CVE-2004-2761

Ubuntu Security Notice USN-740-1 - The MD5 algorithm is known not to be collision resistant. This update blacklists the proof of concept rogue certificate authority as discussed in http://www.win.tue.nl/hashclash/rogue-ca/.

===========================================================
Ubuntu Security Notice USN-740-1             March 17, 2009
nss, firefox vulnerability
CVE-2004-2761
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libnss3                         1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2

Ubuntu 7.10:
  libnss3-0d                      3.11.5-3ubuntu0.7.10.2

Ubuntu 8.04 LTS:
  libnss3-0d                      3.12.0.3-0ubuntu0.8.04.5
  libnss3-1d                      3.12.0.3-0ubuntu0.8.04.5

Ubuntu 8.10:
  libnss3-1d                      3.12.0.3-0ubuntu5.8.10.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

The MD5 algorithm is known not to be collision resistant. This update
blacklists the proof of concept rogue certificate authority as discussed
in http://www.win.tue.nl/hashclash/rogue-ca/.



- Vulnerability information (F138866)

HP Security Bulletin HPSBHF03654 1 (PacketStormID:F138866)
2016-09-27 00:00:00
HP  hp.com
advisory,vulnerability
CVE-2004-2761,CVE-2013-2566,CVE-2015-2808

HP Security Bulletin HPSBHF03654 1 - Potential security vulnerabilities have been identified with HPE iMC PLAT network products using SSL/TLS. These vulnerabilities could be exploited remotely resulting in disclosure of information and other impacts. Revision 1 of this advisory.


Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289935

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289935
Version: 1

HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple
Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-26
Last Updated: 2016-09-26

Potential Security Impact: Multiple Remote Vulnerabilities

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HPE iMC PLAT
network products using SSL/TLS. These vulnerabilities could be exploited
remotely resulting in disclosure of information and other impacts including:

  - The MD5 Message-Digest Algorithm is not collision resistant, which makes
it easier for context-dependent attackers to conduct spoofing attacks, as
demonstrated by attacks on the use of MD5 in the signature algorithm of an
X.509 certificate.
  - The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a large
number of sessions that use the same plaintext.
  - The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah"
could be exploited remotely to allow disclosure of information.

References:

  - CVE-2004-2761 - SSL/TLS MD5 Algorithm is not collision resistant
  - CVE-2013-2566 - SSL/TLS RC4 algorithm vulnerability
  - CVE-2015-2808 - SSL/TLS RC4 stream vulnerability known as "Bar Mitzvah"
  - PSRT110210

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
  - HPE iMC PLAT - Please refer to the RESOLUTION below for a list of
impacted products. All product versions are impacted prior to the fixed
version listed.

BACKGROUND

  CVSS Base Metrics
  =================
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2004-2761
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    CVE-2013-2566
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
      4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    CVE-2015-2808
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
      4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION
HPE has made the following software available to resolve the vulnerabilities
in the iMC PLAT network products listed.

  + **iMC PLAT - Version: IMC PLAT 7.2, E0403P10**

      - JD125A  HP IMC Std S/W Platform w/100-node
      - JD126A  HP IMC Ent S/W Platform w/100-node
      - JD808A  HP IMC Ent Platform w/100-node License
      - JD814A   HP A-IMC Enterprise Edition Software DVD Media
      - JD815A  HP IMC Std Platform w/100-node License
      - JD816A  HP A-IMC Standard Edition Software DVD Media
      - JF288AAE  HP Network Director to Intelligent Management Center
Upgrade E-LTU
      - JF289AAE  HP Enterprise Management System to Intelligent Management
Center Upgrade E-LTU
      - JF377A  HP IMC Std S/W Platform w/100-node Lic
      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU
      - JF378A  HP IMC Ent S/W Platform w/200-node Lic
      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU
      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU
      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU
      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU
      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU
      - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade
50-node and 150-AP E-LTU
      - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point
E-LTU
      - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance
Edition E-LTU
      - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
      - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance
Edition E-LTU
      - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with
200-node E-LTU

**Note:** Please contact HPE Technical Support if any assistance is needed
acquiring the software updates.

HISTORY
Version:1 (rev.1) - 26 September 2016 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact your normal HPE Services support channel. For other issues
about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported
product:
  Web form: https://www.hpe.com/info/report-security-vulnerability
  Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP nor its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.


- Vulnerability Information (F139894)

HP Security Bulletin HPSBHF03673 1 (PacketStormID:F139894)
2016-11-24 00:00:00
HP  hp.com
advisory,spoof,vulnerability
CVE-2004-2761,CVE-2013-2566,CVE-2015-2808

HP Security Bulletin HPSBHF03673 1 - Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite could potentially impact HPE Comware 5 and Comware 7 network products using SSL/TLS. These vulnerabilities could be exploited remotely to conduct spoofing attacks and plaintext recovery attacks resulting in disclosure of information. Revision 1 of this advisory.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05336888

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05336888
Version: 1

HPSBHF03673 rev.1 - HPE Comware 5 and Comware 7 Network Products using
SSL/TLS, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-11-18
Last Updated: 2016-11-18

Potential Security Impact: Remote: Multiple Vulnerabilities

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Security vulnerabilities in MD5 message digest algorithm and RC4 ciphersuite
could potentially impact HPE Comware 5 and Comware 7 network products using
SSL/TLS. These vulnerabilities could be exploited remotely to conduct
spoofing attacks and plaintext recovery attacks resulting in disclosure of
information.

References:

  - CVE-2004-2761 - MD5 Hash Collision Vulnerability
  - CVE-2013-2566 - SSL/TLS RC4 algorithm vulnerability
  - CVE-2015-2808 - SSL/TLS RC4 stream vulnerability known as "Bar Mitzvah"

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  - Comware 5 (CW5) Products All versions
  - Comware 7 (CW7) Products All versions

BACKGROUND

  CVSS Base Metrics
  =================
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

    CVE-2004-2761
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
      5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

    CVE-2013-2566
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
      4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    CVE-2015-2808
      5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
      4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

    Information on CVSS is documented in
    HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

HPE has released the following mitigation information to resolve the
vulnerabilities in HPE Comware 5 and Comware 7 network products.

  *Note:* Please contact HPE Technical Support for any assistance configuring
the recommended settings.

**Mitigation for the hash collision vulnerability in the MD5 Algorithm:**

  + For Comware V7, this issue only exists when the key-type is RSA and the
    public key length is less than 1024 bits.
    Since the default length of the RSA key is 1024 bits, the length should
    only have to be set manually if necessary.
    
      Example command to set the RSA key length to 1024 bits:
      
          public-key rsa general name xxx length 1024
    
  + For Comware V5, this issue only exists when the key-type is RSA.
    HPE recommends using DSA and ECDSA keys and not an RSA key.

**Mitigation for the RC4 vulnerabilities:**
  
  HPE recommends disabling RC2 and RC4 ciphers.
  
  + For Comware V7, remove the RC2/RC4 ciphers:
        
    - exp_rsa_rc2_md5
    - exp_rsa_rc4_md5
    - rsa_rc4_128_md5
    - rsa_rc4_128_sha

          Example using the *ssl server-policy anamea ciphersuite* command to omit the RC2/RC4 ciphers:

            ssl server-policy anamea ciphersuite { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }

          Example using the *ssl client-policy anamea prefer-cipher* command to omit the RC2/RC4 ciphers:

            ssl client-policy anamea prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }


  + For Comware V5, remove the following RC4 ciphers:
        
    - rsa_rc4_128_md5
    - rsa_rc4_128_sha

          Example using the *ssl server-policy anamea ciphersuite* command to omit the RC4 ciphers:

            ssl server-policy anamea ciphersuite { rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }

          Example using the *ssl client-policy anamea prefer-cipher* command to omit the RC4 ciphers:

            ssl client-policy anamea prefer-cipher { rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha }
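
An added example, not part of the HPE bulletin: a Python audit that applies the two mitigations above to configuration lines written in the one-line command form the bulletin's examples use. The sample lines and the names `web`, `upstream` and `mgmt` are constructed, matching suites by an `rc2`/`rc4` name component generalizes the four suites the bulletin lists, and the layout of real device output is an assumption.

```python
import re

# Command forms as written in the bulletin's examples (assumption: real
# device configuration output may be laid out differently).
POLICY_RE = re.compile(
    r"^\s*ssl\s+(server|client)-policy\s+(\S+)\s+(ciphersuite|prefer-cipher)\s+(.+)$"
)
RSA_KEY_RE = re.compile(
    r"^\s*public-key\s+rsa\s+general\s+name\s+(\S+)\s+length\s+(\d+)\s*$"
)
# Matches exp_rsa_rc2_md5, exp_rsa_rc4_md5, rsa_rc4_128_md5, rsa_rc4_128_sha.
RC2_RC4_RE = re.compile(r"(?:^|_)rc[24](?:_|$)")


def split_suites(text):
    """Split a suite list written as '{ a | b }' or as 'a b'."""
    return [tok for tok in re.split(r"[\s{}|]+", text) if tok]


def audit(lines, version):
    """Return findings for Comware 'v5' or 'v7' configuration lines."""
    if version not in ("v5", "v7"):
        raise ValueError("version must be 'v5' or 'v7'")
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = POLICY_RE.match(line)
        if m:
            role, name, keyword, rest = m.groups()
            suites = split_suites(rest)
            bad = [s for s in suites if RC2_RC4_RE.search(s)]
            if bad:
                keep = [s for s in suites if s not in bad]
                # No replacement command is proposed if nothing would remain.
                fix = None
                if keep:
                    fix = "ssl %s-policy %s %s { %s }" % (
                        role, name, keyword, " | ".join(keep))
                findings.append({"line": lineno, "issue": "rc2/rc4 suite enabled",
                                 "detail": bad, "fix": fix})
            continue
        m = RSA_KEY_RE.match(line)
        if m:
            name, length = m.group(1), int(m.group(2))
            if version == "v5":
                # Bulletin: on V5 the issue exists for any RSA key.
                findings.append({"line": lineno,
                                 "issue": "rsa key in use (DSA or ECDSA recommended)",
                                 "detail": [name, length], "fix": None})
            elif length < 1024:
                # Bulletin: on V7 only RSA keys shorter than 1024 bits.
                findings.append({"line": lineno,
                                 "issue": "rsa key shorter than 1024 bits",
                                 "detail": [name, length],
                                 "fix": "public-key rsa general name %s length 1024" % name})
    return findings


# Constructed sample input, not taken from a real device.
SAMPLE = [
    "ssl server-policy web ciphersuite { rsa_rc4_128_md5 | exp_rsa_rc2_md5 | "
    "rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha }",
    "ssl client-policy upstream prefer-cipher { rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha }",
    "public-key rsa general name mgmt length 512",
]

if __name__ == "__main__":
    for version in ("v7", "v5"):
        print("Comware", version)
        for f in audit(SAMPLE, version):
            print("  line %(line)d: %(issue)s %(detail)s" % f)
            if f["fix"]:
                print("    suggested:", f["fix"])
```
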


**COMWARE 5 Products**

  + **HSR6602 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JC176A HP 6602 Router Chassis
      - JG353A HP HSR6602-G Router
      - JG354A HP HSR6602-XG Router
      - JG355A HP 6600 MCP-X1 Router Main Processing Unit
      - JG356A HP 6600 MCP-X2 Router Main Processing Unit
      - JG776A HP HSR6602-G TAA-compliant Router
      - JG777A HP HSR6602-XG TAA-compliant Router
      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  + **HSR6800 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG361A HP HSR6802 Router Chassis
      - JG361B HP HSR6802 Router Chassis
      - JG362A HP HSR6804 Router Chassis
      - JG362B HP HSR6804 Router Chassis
      - JG363A HP HSR6808 Router Chassis
      - JG363B HP HSR6808 Router Chassis
      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  + **MSR20 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD432A HP A-MSR20-21 Router
      - JD662A HP MSR20-20 Router
      - JD663A HP A-MSR20-21 Router
      - JD663B HP MSR20-21 Router
      - JD664A HP MSR20-40 Router
      - JF228A HP MSR20-40 Router
      - JF283A HP MSR20-20 Router
  + **MSR20-1X  (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD431A HP MSR20-10 Router
      - JD667A HP MSR20-15 IW Multi-Service Router
      - JD668A HP MSR20-13 Multi-Service Router
      - JD669A HP MSR20-13 W Multi-Service Router
      - JD670A HP MSR20-15 A Multi-Service Router
      - JD671A HP MSR20-15 AW Multi-Service Router
      - JD672A HP MSR20-15 I Multi-Service Router
      - JD673A HP MSR20-11 Multi-Service Router
      - JD674A HP MSR20-12 Multi-Service Router
      - JD675A HP MSR20-12 W Multi-Service Router
      - JD676A HP MSR20-12 T1 Multi-Service Router
      - JF236A HP MSR20-15-I Router
      - JF237A HP MSR20-15-A Router
      - JF238A HP MSR20-15-I-W Router
      - JF239A HP MSR20-11 Router
      - JF240A HP MSR20-13 Router
      - JF241A HP MSR20-12 Router
      - JF806A HP MSR20-12-T Router
      - JF807A HP MSR20-12-W Router
      - JF808A HP MSR20-13-W Router
      - JF809A HP MSR20-15-A-W Router
      - JF817A HP MSR20-15 Router
      - JG209A HP MSR20-12-T-W Router (NA)
      - JG210A HP MSR20-13-W Router (NA)
  + **MSR 30 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD654A HP MSR30-60 POE Multi-Service Router
      - JD657A HP MSR30-40 Multi-Service Router
      - JD658A HP MSR30-60 Multi-Service Router
      - JD660A HP MSR30-20 POE Multi-Service Router
      - JD661A HP MSR30-40 POE Multi-Service Router
      - JD666A HP MSR30-20 Multi-Service Router
      - JF229A HP MSR30-40 Router
      - JF230A HP MSR30-60 Router
      - JF232A HP RTMSR3040-AC-OVSAS-H3
      - JF235A HP MSR30-20 DC Router
      - JF284A HP MSR30-20 Router
      - JF287A HP MSR30-40 DC Router
      - JF801A HP MSR30-60 DC Router
      - JF802A HP MSR30-20 PoE Router
      - JF803A HP MSR30-40 PoE Router
      - JF804A HP MSR30-60 PoE Router
      - JG728A HP MSR30-20 TAA-compliant DC Router
      - JG729A HP MSR30-20 TAA-compliant Router
  + **MSR 30-16 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD659A HP MSR30-16 POE Multi-Service Router
      - JD665A HP MSR30-16 Multi-Service Router
      - JF233A HP MSR30-16 Router
      - JF234A HP MSR30-16 PoE Router
  + **MSR 30-1X (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JF800A HP MSR30-11 Router
      - JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr
      - JG182A HP MSR30-11E Router
      - JG183A HP MSR30-11F Router
      - JG184A HP MSR30-10 DC Router
  + **MSR 50 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD433A HP MSR50-40 Router
      - JD653A HP MSR50 Processor Module
      - JD655A HP MSR50-40 Multi-Service Router
      - JD656A HP MSR50-60 Multi-Service Router
      - JF231A HP MSR50-60 Router
      - JF285A HP MSR50-40 DC Router
      - JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply
  + **MSR 50-G2 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD429A HP MSR50 G2 Processor Module
      - JD429B HP MSR50 G2 Processor Module
  + **MSR 9XX (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JF812A HP MSR900 Router
      - JF813A HP MSR920 Router
      - JF814A HP MSR900-W Router
      - JF815A HP MSR920 2FEWAN/8FELAN/.11 b/g Rtr
      - JG207A HP MSR900-W Router (NA)
      - JG208A HP MSR920-W Router (NA)
  + **MSR 93X (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG511A HP MSR930 Router
      - JG511B HP MSR930 Router
      - JG512A HP MSR930 Wireless Router
      - JG513A HP MSR930 3G Router
      - JG513B HP MSR930 3G Router
      - JG514A HP MSR931 Router
      - JG514B HP MSR931 Router
      - JG515A HP MSR931 3G Router
      - JG516A HP MSR933 Router
      - JG517A HP MSR933 3G Router
      - JG518A HP MSR935 Router
      - JG518B HP MSR935 Router
      - JG519A HP MSR935 Wireless Router
      - JG520A HP MSR935 3G Router
      - JG531A HP MSR931 Dual 3G Router
      - JG531B HP MSR931 Dual 3G Router
      - JG596A HP MSR930 4G LTE/3G CDMA Router
      - JG597A HP MSR936 Wireless Router
      - JG665A HP MSR930 4G LTE/3G WCDMA Global Router
      - JG704A HP MSR930 4G LTE/3G WCDMA  ATT Router
      - JH009A HP MSR931 Serial (TI) Router
      - JH010A HP MSR933 G.SHDSL (TI) Router
      - JH011A HP MSR935 ADSL2+ (TI) Router
      - JH012A HP MSR930 Wireless 802.11n (NA) Router
      - JH012B HP MSR930 Wireless 802.11n (NA) Router
      - JH013A HP MSR935 Wireless 802.11n (NA) Router
  + **MSR1000 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG732A HP MSR1003-8 AC Router
  + **12500 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JC072B HP 12500 Main Processing Unit
      - JC085A HP A12518 Switch Chassis
      - JC086A HP A12508 Switch Chassis
      - JC652A HP 12508 DC Switch Chassis
      - JC653A HP 12518 DC Switch Chassis
      - JC654A HP 12504 AC Switch Chassis
      - JC655A HP 12504 DC Switch Chassis
      - JC808A HP 12500 TAA Main Processing Unit
      - JF430A HP A12518 Switch Chassis
      - JF430B HP 12518 Switch Chassis
      - JF430C HP 12518 AC Switch Chassis
      - JF431A HP A12508 Switch Chassis
      - JF431B HP 12508 Switch Chassis
      - JF431C HP 12508 AC Switch Chassis
  + **9500E (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JC124A HP A9508 Switch Chassis
      - JC124B HP 9505 Switch Chassis
      - JC125A HP A9512 Switch Chassis
      - JC125B HP 9512 Switch Chassis
      - JC474A HP A9508-V Switch Chassis
      - JC474B HP 9508-V Switch Chassis
  + **10500 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JC611A HP 10508-V Switch Chassis
      - JC612A HP 10508 Switch Chassis
      - JC613A HP 10504 Switch Chassis
      - JC614A HP 10500 Main Processing Unit
      - JC748A HP 10512 Switch Chassis
      - JG375A HP 10500 TAA-compliant Main Processing Unit
      - JG820A HP 10504 TAA-compliant Switch Chassis
      - JG821A HP 10508 TAA-compliant Switch Chassis
      - JG822A HP 10508-V TAA-compliant Switch Chassis
      - JG823A HP 10512 TAA-compliant Switch Chassis
  + **7500 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JC666A HP 7503-S 144Gbps Fabric/MPU with PoE Upgradable 20-port
Gig-T/4-port GbE Combo
      - JC697A HP 7502 TAA-compliant Main Processing Unit
      - JC698A HP 7503-S 144Gbps TAA Fabric / MPU with 16 GbE SFP Ports and 8
GbE Combo Ports
      - JC699A HP 7500 384Gbps TAA-compliant Fabric / MPU with 2 10GbE XFP
Ports
      - JC700A HP 7500 384Gbps TAA-compliant Fabric / Main Processing Unit
      - JC701A HP 7500 768Gbps TAA-compliant Fabric / Main Processing Unit
      - JD193A HP 7500 384Gbps Fabric Module with 2 XFP Ports
      - JD193B HP 7500 384Gbps Fabric Module with 2 XFP Ports
      - JD194A HP 7500 384Gbps Fabric Module
      - JD194B HP 7500 384Gbps Fabric Module
      - JD195A HP 7500 384Gbps Advanced Fabric Module
      - JD196A HP 7502 Fabric Module
      - JD220A HP 7500 768Gbps Fabric Module
      - JD224A HP 7500 384Gbps Fabric Module with 12 SFP Ports
      - JD238A HP 7510 Switch Chassis
      - JD238B HP 7510 Switch Chassis
      - JD239A HP 7506 Switch Chassis
      - JD239B HP 7506 Switch Chassis
      - JD240A HP 7503 Switch Chassis
      - JD240B HP 7503 Switch Chassis
      - JD241A HP 7506-V Switch Chassis
      - JD241B HP 7506-V Switch Chassis
      - JD242A HP 7502 Switch Chassis
      - JD242B HP 7502 Switch Chassis
      - JD243A HP 7503-S Switch Chassis with 1 Fabric Slot
      - JD243B HP 7503-S Switch Chassis with 1 Fabric Slot
      - JE164A HP E7902 Switch Chassis
      - JE165A HP E7903 Switch Chassis
      - JE166A HP E7903 1 Fabric Slot Switch Chassis
      - JE167A HP E7906 Switch Chassis
      - JE168A HP E7906 Vertical Switch Chassis
      - JE169A HP E7910 Switch Chassis
  + **6125G/XG Blade Switch - Version: See Mitigation**
    * HP Network Products
      - 737220-B21 HP 6125G Blade Switch with TAA
      - 737226-B21 HP 6125G/XG Blade Switch with TAA
      - 658250-B21 HP 6125G/XG Blade Switch Opt Kit
      - 658247-B21 HP 6125G Blade Switch Opt Kit
  + **5830 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JC691A HP 5830AF-48G Switch with 1 Interface Slot
      - JC694A HP 5830AF-96G Switch
      - JG316A HP 5830AF-48G TAA-compliant Switch w/1 Interface Slot
      - JG374A HP 5830AF-96G TAA-compliant Switch
  + **5800 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JC099A HP 5800-24G-PoE Switch
      - JC099B HP 5800-24G-PoE+ Switch
      - JC100A HP 5800-24G Switch
      - JC100B HP 5800-24G Switch
      - JC101A HP 5800-48G Switch with 2 Slots
      - JC101B HP 5800-48G-PoE+ Switch with 2 Interface Slots
      - JC103A HP 5800-24G-SFP Switch
      - JC103B HP 5800-24G-SFP Switch with 1 Interface Slot
      - JC104A HP 5800-48G-PoE Switch
      - JC104B HP 5800-48G-PoE+ Switch with 1 Interface Slot
      - JC105A HP 5800-48G Switch
      - JC105B HP 5800-48G Switch with 1 Interface Slot
      - JG254A HP 5800-24G-PoE+ TAA-compliant Switch
      - JG254B HP 5800-24G-PoE+ TAA-compliant Switch
      - JG255A HP 5800-24G TAA-compliant Switch
      - JG255B HP 5800-24G TAA-compliant Switch
      - JG256A HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
      - JG256B HP 5800-24G-SFP TAA-compliant Switch with 1 Interface Slot
      - JG257A HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
      - JG257B HP 5800-48G-PoE+ TAA-compliant Switch with 1 Interface Slot
      - JG258A HP 5800-48G TAA-compliant Switch with 1 Interface Slot
      - JG258B HP 5800-48G TAA-compliant Switch with 1 Interface Slot
      - JG225A HP 5800AF-48G Switch
      - JG225B HP 5800AF-48G Switch
      - JG242A HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface Slots
      - JG242B HP 5800-48G-PoE+ TAA-compliant Switch with 2 Interface
      - JG243A HP 5820-24XG-SFP+ TAA-compliant Switch
      - JG243B HP 5820-24XG-SFP+ TAA-compliant Switch
      - JG259A HP 5820X-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots
& 1 OAA Slot
      - JG259B HP 5820-14XG-SFP+ TAA-compliant Switch with 2 Interface Slots
and 1 OAA Slot
      - JC106A HP 5820-14XG-SFP+ Switch with 2 Slots
      - JC106B HP 5820-14XG-SFP+ Switch with 2 Interface Slots & 1 OAA Slot
      - JG219A HP 5820AF-24XG Switch
      - JG219B HP 5820AF-24XG Switch
      - JC102A HP 5820-24XG-SFP+ Switch
      - JC102B HP 5820-24XG-SFP+ Switch
  + **5500 HI (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG311A HP 5500-24G-4SFP HI Switch with 2 Interface Slots
      - JG312A HP 5500-48G-4SFP HI Switch with 2 Interface Slots
      - JG541A HP 5500-24G-PoE+-4SFP HI Switch with 2 Interface Slots
      - JG542A HP 5500-48G-PoE+-4SFP HI Switch with 2 Interface Slots
      - JG543A HP 5500-24G-SFP HI Switch with 2 Interface Slots
      - JG679A HP 5500-24G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface
Slots
      - JG680A HP 5500-48G-PoE+-4SFP HI TAA-compliant Switch with 2 Interface
Slots
      - JG681A HP 5500-24G-SFP HI TAA-compliant Switch with 2 Interface Slots
  + **5500 EI (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD373A HP 5500-24G DC EI Switch
      - JD374A HP 5500-24G-SFP EI Switch
      - JD375A HP 5500-48G EI Switch
      - JD376A HP 5500-48G-PoE EI Switch
      - JD377A HP 5500-24G EI Switch
      - JD378A HP 5500-24G-PoE EI Switch
      - JD379A HP 5500-24G-SFP DC EI Switch
      - JG240A HP 5500-48G-PoE+ EI Switch with 2 Interface Slots
      - JG241A HP 5500-24G-PoE+ EI Switch with 2 Interface Slots
      - JG249A HP 5500-24G-SFP EI TAA-compliant Switch with 2 Interface
      - JG250A HP 5500-24G EI TAA-compliant Switch with 2 Interface Slots
      - JG251A HP 5500-48G EI TAA-compliant Switch with 2 Interface Slots
      - JG252A HP 5500-24G-PoE+ EI TAA-compliant Switch with 2 Interface
Slots
      - JG253A HP 5500-48G-PoE+ EI TAA-compliant Switch with 2 Interface
Slots
  + **4800G (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD007A HP 4800-24G Switch
      - JD008A HP 4800-24G-PoE Switch
      - JD009A HP 4800-24G-SFP Switch
      - JD010A HP 4800-48G Switch
      - JD011A HP 4800-48G-PoE Switch
  + **5500SI (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD369A HP 5500-24G SI Switch
      - JD370A HP 5500-48G SI Switch
      - JD371A HP 5500-24G-PoE SI Switch
      - JD372A HP 5500-48G-PoE SI Switch
      - JG238A HP 5500-24G-PoE+ SI Switch with 2 Interface Slots
      - JG239A HP 5500-48G-PoE+ SI Switch with 2 Interface Slots
  + **4500G (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JF428A HP 4510-48G Switch
      - JF847A HP 4510-24G Switch
  + **5120 EI (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JE066A HP 5120-24G EI Switch
      - JE067A HP 5120-48G EI Switch
      - JE068A HP 5120-24G EI Switch with 2 Interface Slots
      - JE069A HP 5120-48G EI Switch with 2 Interface Slots
      - JE070A HP 5120-24G-PoE EI 2-slot Switch
      - JE071A HP 5120-48G-PoE EI 2-slot Switch
      - JG236A HP 5120-24G-PoE+ EI Switch with 2 Interface Slots
      - JG237A HP 5120-48G-PoE+ EI Switch with 2 Interface Slots
      - JG245A HP 5120-24G EI TAA-compliant Switch with 2 Interface Slots
      - JG246A HP 5120-48G EI TAA-compliant Switch with 2 Interface Slots
      - JG247A HP 5120-24G-PoE+ EI TAA-compliant Switch with 2 Slots
      - JG248A HP 5120-48G-PoE+ EI TAA-compliant Switch with 2 Slots
  + **4210G (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JF844A HP 4210-24G Switch
      - JF845A HP 4210-48G Switch
      - JF846A HP 4210-24G-PoE Switch
  + **5120 SI (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JE072A HP 5120-48G SI Switch
      - JE072B HPE 5120 48G SI Switch
      - JE073A HP 5120-16G SI Switch
      - JE073B HPE 5120 16G SI Switch
      - JE074A HP 5120-24G SI Switch
      - JE074B HPE 5120 24G SI Switch
      - JG091A HP 5120-24G-PoE+ (370W) SI Switch
      - JG091B HPE 5120 24G PoE+ (370W) SI Switch
      - JG092A HP 5120-24G-PoE+ (170W) SI Switch
      - JG309B HPE 5120 8G PoE+ (180W) SI Switch
      - JG310B HPE 5120 8G PoE+ (65W) SI Switch
  + **3610 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD335A HP 3610-48 Switch
      - JD336A HP 3610-24-4G-SFP Switch
      - JD337A HP 3610-24-2G-2G-SFP Switch
      - JD338A HP 3610-24-SFP Switch
  + **3600V2 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG299A HP 3600-24 v2 EI Switch
      - JG299B HP 3600-24 v2 EI Switch
      - JG300A HP 3600-48 v2 EI Switch
      - JG300B HP 3600-48 v2 EI Switch
      - JG301A HP 3600-24-PoE+ v2 EI Switch
      - JG301B HP 3600-24-PoE+ v2 EI Switch
      - JG301C HP 3600-24-PoE+ v2 EI Switch
      - JG302A HP 3600-48-PoE+ v2 EI Switch
      - JG302B HP 3600-48-PoE+ v2 EI Switch
      - JG302C HP 3600-48-PoE+ v2 EI Switch
      - JG303A HP 3600-24-SFP v2 EI Switch
      - JG303B HP 3600-24-SFP v2 EI Switch
      - JG304A HP 3600-24 v2 SI Switch
      - JG304B HP 3600-24 v2 SI Switch
      - JG305A HP 3600-48 v2 SI Switch
      - JG305B HP 3600-48 v2 SI Switch
      - JG306A HP 3600-24-PoE+ v2 SI Switch
      - JG306B HP 3600-24-PoE+ v2 SI Switch
      - JG306C HP 3600-24-PoE+ v2 SI Switch
      - JG307A HP 3600-48-PoE+ v2 SI Switch
      - JG307B HP 3600-48-PoE+ v2 SI Switch
      - JG307C HP 3600-48-PoE+ v2 SI Switch
  + **3100V2-48 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG315A HP 3100-48 v2 Switch
      - JG315B HP 3100-48 v2 Switch
  + **HP870 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG723A HP 870 Unified Wired-WLAN Appliance
      - JG725A HP 870 Unified Wired-WLAN TAA-compliant Appliance
  + **HP850 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG722A HP 850 Unified Wired-WLAN Appliance
      - JG724A HP 850 Unified Wired-WLAN TAA-compliant Appliance
  + **HP830 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG640A HP 830 24-Port PoE+ Unified Wired-WLAN Switch
      - JG641A HP 830 8-port PoE+ Unified Wired-WLAN Switch
      - JG646A HP 830 24-Port PoE+ Unified Wired-WLAN TAA-compliant Switch
      - JG647A HP 830 8-Port PoE+ Unified Wired-WLAN TAA-compliant
  + **HP6000 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG639A HP 10500/7500 20G Unified Wired-WLAN Module
      - JG645A HP 10500/7500 20G Unified Wired-WLAN TAA-compliant Module
  + **WX5004-EI (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD447B HP WX5002 Access Controller
      - JD448A HP WX5004 Access Controller
      - JD448B HP WX5004 Access Controller
      - JD469A HP WX5004 Access Controller
  + **SecBlade FW (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JC635A HP 12500 VPN Firewall Module
      - JD245A HP 9500 VPN Firewall Module
      - JD249A HP 10500/7500 Advanced VPN Firewall Module
      - JD250A HP 6600 Firewall Processing Router Module
      - JD251A HP 8800 Firewall Processing Module
      - JD255A HP 5820 VPN Firewall Module
  + **F1000-E (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD272A HP F1000-E VPN Firewall Appliance
  + **F1000-A-EI (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG214A HP F1000-A-EI VPN Firewall Appliance
  + **F1000-S-EI (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG213A HP F1000-S-EI VPN Firewall Appliance
  + **F5000-A (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD259A HP A5000-A5 VPN Firewall Chassis
      - JG215A HP F5000 Firewall Main Processing Unit
      - JG216A HP F5000 Firewall Standalone Chassis
  + **U200S and CS (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD273A HP U200-S UTM Appliance
  + **U200A and M (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JD275A HP U200-A UTM Appliance
  + **F5000-C/S (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG650A HP F5000-C VPN Firewall Appliance
      - JG370A HP F5000-S VPN Firewall Appliance
  + **SecBlade III (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG371A HP 12500 20Gbps VPN Firewall Module
      - JG372A HP 10500/11900/7500 20Gbps VPN Firewall Module
  + **6600 RSE RU (Comware 5 Low Encryption SW) - Version: See Mitigation**
    * HP Network Products
      - JC177A HP 6608 Router
      - JC177B HP 6608 Router Chassis
      - JC178A HP 6604 Router Chassis
      - JC178B HP 6604 Router Chassis
      - JC496A HP 6616 Router Chassis
      - JC566A HP 6600 RSE-X1 Router Main Processing Unit
      - JG780A HP 6600 RSE-X1 TAA-compliant Main Processing Unit
  + **6600 RPE RU (Comware 5 Low Encryption SW) - Version: See Mitigation**
    * HP Network Products
      - JC165A HP 6600 RPE-X1 Router Module
      - JG781A HP 6600 RPE-X1 TAA-compliant Main Processing Unit
  + **6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**
    * HP Network Products
      - JC176A HP 6602 Router Chassis
  + **HSR6602 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**
    * HP Network Products
      - JC177A HP 6608 Router
      - JC177B HP 6608 Router Chassis
      - JC178A HP 6604 Router Chassis
      - JC178B HP 6604 Router Chassis
      - JC496A HP 6616 Router Chassis
      - JG353A HP HSR6602-G Router
      - JG354A HP HSR6602-XG Router
      - JG355A HP 6600 MCP-X1 Router Main Processing Unit
      - JG356A HP 6600 MCP-X2 Router Main Processing Unit
      - JG776A HP HSR6602-G TAA-compliant Router
      - JG777A HP HSR6602-XG TAA-compliant Router
      - JG778A HP 6600 MCP-X2 Router TAA-compliant Main Processing Unit
  + **HSR6800 RU (Comware 5 Low Encryption SW) - Version: See Mitigation**
    * HP Network Products
      - JG361A HP HSR6802 Router Chassis
      - JG361B HP HSR6802 Router Chassis
      - JG362A HP HSR6804 Router Chassis
      - JG362B HP HSR6804 Router Chassis
      - JG363A HP HSR6808 Router Chassis
      - JG363B HP HSR6808 Router Chassis
      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing Unit
  + **SMB1910 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG540A HP 1910-48 Switch
      - JG539A HP 1910-24-PoE+ Switch
      - JG538A HP 1910-24 Switch
      - JG537A HP 1910-8 -PoE+ Switch
      - JG536A HP 1910-8 Switch
  + **SMB1920 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG928A HP 1920-48G-PoE+ (370W) Switch
      - JG927A HP 1920-48G Switch
      - JG926A HP 1920-24G-PoE+ (370W) Switch
      - JG925A HP 1920-24G-PoE+ (180W) Switch
      - JG924A HP 1920-24G Switch
      - JG923A HP 1920-16G Switch
      - JG922A HP 1920-8G-PoE+ (180W) Switch
      - JG921A HP 1920-8G-PoE+ (65W) Switch
      - JG920A HP 1920-8G Switch
  + **V1910 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JE005A HP 1910-16G Switch
      - JE006A HP 1910-24G Switch
      - JE007A HP 1910-24G-PoE (365W) Switch
      - JE008A HP 1910-24G-PoE(170W) Switch
      - JE009A HP 1910-48G Switch
      - JG348A HP 1910-8G Switch
      - JG349A HP 1910-8G-PoE+ (65W) Switch
      - JG350A HP 1910-8G-PoE+ (180W) Switch
  + **SMB 1620 (Comware 5) - Version: See Mitigation**
    * HP Network Products
      - JG914A HP 1620-48G Switch
      - JG913A HP 1620-24G Switch
      - JG912A HP 1620-8G Switch


**COMWARE 7 Products**

  + **12500 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JC072B HP 12500 Main Processing Unit
      - JC085A HP A12518 Switch Chassis
      - JC086A HP A12508 Switch Chassis
      - JC652A HP 12508 DC Switch Chassis
      - JC653A HP 12518 DC Switch Chassis
      - JC654A HP 12504 AC Switch Chassis
      - JC655A HP 12504 DC Switch Chassis
      - JF430A HP A12518 Switch Chassis
      - JF430B HP 12518 Switch Chassis
      - JF430C HP 12518 AC Switch Chassis
      - JF431A HP A12508 Switch Chassis
      - JF431B HP 12508 Switch Chassis
      - JF431C HP 12508 AC Switch Chassis
      - JG497A HP 12500 MPU w/Comware V7 OS
      - JG782A HP FF 12508E AC Switch Chassis
      - JG783A HP FF 12508E DC Switch Chassis
      - JG784A HP FF 12518E AC Switch Chassis
      - JG785A HP FF 12518E DC Switch Chassis
      - JG802A HP FF 12500E MPU
  + **10500 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JC611A HP 10508-V Switch Chassis
      - JC612A HP 10508 Switch Chassis
      - JC613A HP 10504 Switch Chassis
      - JC748A HP 10512 Switch Chassis
      - JG608A HP FlexFabric 11908-V Switch Chassis
      - JG609A HP FlexFabric 11900 Main Processing Unit
      - JG820A HP 10504 TAA Switch Chassis
      - JG821A HP 10508 TAA Switch Chassis
      - JG822A HP 10508-V TAA Switch Chassis
      - JG823A HP 10512 TAA Switch Chassis
      - JG496A HP 10500 Type A MPU w/Comware v7 OS
      - JH198A HP 10500 Type D Main Processing Unit with Comware v7 Operating
System
      - JH206A HP 10500 Type D TAA-compliant with Comware v7 Operating System
Main Processing Unit
  + **12900 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG619A HP FlexFabric 12910 Switch AC Chassis
      - JG621A HP FlexFabric 12910 Main Processing Unit
      - JG632A HP FlexFabric 12916 Switch AC Chassis
      - JG634A HP FlexFabric 12916 Main Processing Unit
      - JH104A HP FlexFabric 12900E Main Processing Unit
      - JH114A HP FlexFabric 12910 TAA-compliant Main Processing Unit
      - JH263A HP FlexFabric 12904E Main Processing Unit
      - JH255A HP FlexFabric 12908E Switch Chassis
      - JH262A HP FlexFabric 12904E Switch Chassis
      - JH113A HP FlexFabric 12910 TAA-compliant Switch AC Chassis
      - JH103A HP FlexFabric 12916E Switch Chassis
  + **5900 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JC772A HP 5900AF-48XG-4QSFP+ Switch
      - JG296A HP 5920AF-24XG Switch
      - JG336A HP 5900AF-48XGT-4QSFP+ Switch
      - JG510A HP 5900AF-48G-4XG-2QSFP+ Switch
      - JG554A HP 5900AF-48XG-4QSFP+ TAA Switch
      - JG555A HP 5920AF-24XG TAA Switch
      - JG838A HP FF 5900CP-48XG-4QSFP+ Switch
      - JH036A HP FlexFabric 5900CP 48XG 4QSFP+ TAA-Compliant
      - JH037A HP 5900AF 48XGT 4QSFP+ TAA-Compliant Switch
      - JH038A HP 5900AF 48G 4XG 2QSFP+ TAA-Compliant
  + **MSR1000 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG875A HP MSR1002-4 AC Router
      - JH060A HP MSR1003-8S AC Router
  + **MSR2000 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG411A HP MSR2003 AC Router
      - JG734A HP MSR2004-24 AC Router
      - JG735A HP MSR2004-48 Router
      - JG866A HP MSR2003 TAA-compliant AC Router
  + **MSR3000 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG404A HP MSR3064 Router
      - JG405A HP MSR3044 Router
      - JG406A HP MSR3024 AC Router
      - JG407A HP MSR3024 DC Router
      - JG408A HP MSR3024 PoE Router
      - JG409A HP MSR3012 AC Router
      - JG410A HP MSR3012 DC Router
      - JG861A HP MSR3024 TAA-compliant AC Router
  + **MSR4000 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG402A HP MSR4080 Router Chassis
      - JG403A HP MSR4060 Router Chassis
      - JG412A HP MSR4000 MPU-100 Main Processing Unit
      - JG869A HP MSR4000 TAA-compliant MPU-100 Main Processing Unit
  + **VSR (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG810AAE HP VSR1001 Virtual Services Router 60 Day Evaluation Software
      - JG811AAE HP VSR1001 Comware 7 Virtual Services Router
      - JG812AAE HP VSR1004 Comware 7 Virtual Services Router
      - JG813AAE HP VSR1008 Comware 7 Virtual Services Router
  + **7900 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG682A HP FlexFabric 7904 Switch Chassis
      - JG841A HP FlexFabric 7910 Switch Chassis
      - JG842A HP FlexFabric 7910 7.2Tbps Fabric / Main Processing Unit
      - JH001A HP FlexFabric 7910 2.4Tbps Fabric / Main Processing Unit
      - JH122A HP FlexFabric 7904 TAA-compliant Switch Chassis
      - JH123A HP FlexFabric 7910 TAA-compliant Switch Chassis
      - JH124A HP FlexFabric 7910 7.2Tbps TAA-compliant Fabric/Main Processing Unit
      - JH125A HP FlexFabric 7910 2.4Tbps TAA-compliant Fabric/Main Processing Unit
  + **5130 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG932A HP 5130-24G-4SFP+ EI Switch
      - JG933A HP 5130-24G-SFP-4SFP+ EI Switch
      - JG934A HP 5130-48G-4SFP+ EI Switch
      - JG936A HP 5130-24G-PoE+-4SFP+ (370W) EI Switch
      - JG937A HP 5130-48G-PoE+-4SFP+ (370W) EI Switch
      - JG938A HP 5130-24G-2SFP+-2XGT EI Switch
      - JG939A HP 5130-48G-2SFP+-2XGT EI Switch
      - JG940A HP 5130-24G-PoE+-2SFP+-2XGT (370W) EI Switch
      - JG941A HP 5130-48G-PoE+-2SFP+-2XGT (370W) EI Switch
      - JG975A HP 5130-24G-4SFP+ EI Brazil Switch
      - JG976A HP 5130-48G-4SFP+ EI Brazil Switch
      - JG977A HP 5130-24G-PoE+-4SFP+ (370W) EI Brazil Switch
      - JG978A HP 5130-48G-PoE+-4SFP+ (370W) EI Brazil Switch
  + **6125XLG - Version: See Mitigation**
    * HP Network Products
      - 711307-B21 HP 6125XLG Blade Switch
      - 737230-B21 HP 6125XLG Blade Switch with TAA
  + **6127XLG - Version: See Mitigation**
    * HP Network Products
      - 787635 HP 6127XLG Blade Switch Opt Kit
  + **Moonshot - Version: See Mitigation**
    * HP Network Products
      - 786617-B21 - HP Moonshot-45Gc Switch Module
      - 704654-B21 - HP Moonshot-45XGc Switch Module
      - 786619-B21 - HP Moonshot-180XGc Switch Module
  + **5700 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG894A HP FlexFabric 5700-48G-4XG-2QSFP+ Switch
      - JG895A HP FlexFabric 5700-48G-4XG-2QSFP+ TAA-compliant Switch
      - JG896A HP FlexFabric 5700-40XG-2QSFP+ Switch
      - JG897A HP FlexFabric 5700-40XG-2QSFP+ TAA-compliant Switch
      - JG898A HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch
      - JG899A HP FlexFabric 5700-32XGT-8XG-2QSFP+ TAA-compliant Switch
  + **5930 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG726A HP FlexFabric 5930 32QSFP+ Switch
      - JG727A HP FlexFabric 5930 32QSFP+ TAA-compliant Switch
      - JH178A HP FlexFabric 5930 2QSFP+ 2-slot Switch
      - JH179A HP FlexFabric 5930 4-slot Switch
      - JH187A HP FlexFabric 5930 2QSFP+ 2-slot TAA-compliant Switch
      - JH188A HP FlexFabric 5930 4-slot TAA-compliant Switch
  + **HSR6600 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG353A HP HSR6602-G Router
      - JG354A HP HSR6602-XG Router
      - JG776A HP HSR6602-G TAA-compliant Router
      - JG777A HP HSR6602-XG TAA-compliant Router
  + **HSR6800 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG361A HP HSR6802 Router Chassis
      - JG361B HP HSR6802 Router Chassis
      - JG362A HP HSR6804 Router Chassis
      - JG362B HP HSR6804 Router Chassis
      - JG363A HP HSR6808 Router Chassis
      - JG363B HP HSR6808 Router Chassis
      - JG364A HP HSR6800 RSE-X2 Router Main Processing Unit
      - JG779A HP HSR6800 RSE-X2 Router TAA-compliant Main Processing
      - JH075A HP HSR6800 RSE-X3 Router Main Processing Unit
  + **1950 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JG960A HP 1950-24G-4XG Switch
      - JG961A HP 1950-48G-2SFP+-2XGT Switch
      - JG962A HP 1950-24G-2SFP+-2XGT-PoE+(370W) Switch
      - JG963A HP 1950-48G-2SFP+-2XGT-PoE+(370W) Switch
  + **7500 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JD238C HP 7510 Switch Chassis
      - JD239C HP 7506 Switch Chassis
      - JD240C HP 7503 Switch Chassis
      - JD242C HP 7502 Switch Chassis
      - JH207A HP 7500 1.2Tbps Fabric with 2-port 40GbE QSFP+ for IRF-Only Main Processing Unit
      - JH208A HP 7502 Main Processing Unit
      - JH209A HP 7500 2.4Tbps Fabric with 8-port 1/10GbE SFP+ and 2-port 40GbE QSFP+ Main Processing Unit
  + **5950 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JH321A HPE FlexFabric 5950 32QSFP28 Switch
  + **5940 (Comware 7) - Version: See Mitigation**
    * HP Network Products
      - JH390A HPE FlexFabric 5940 48SFP+ 6QSFP28 Switch
      - JH391A HPE FlexFabric 5940 48XGT 6QSFP28 Switch
      - JH394A HPE FlexFabric 5940 48XGT 6QSFP+ Switch
      - JH395A HPE FlexFabric 5940 48SFP+ 6QSFP+ Switch
      - JH396A HPE FlexFabric 5940 32QSFP+ Switch
      - JH397A HPE FlexFabric 5940 2-slot Switch
      - JH398A HPE FlexFabric 5940 4-slot Switch

HISTORY
Version:1 (rev.1) - 18 November 2016 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported
product:
  Web form: https://www.hpe.com/info/report-security-vulnerability
  Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice. Hewlett
Packard Enterprise and the names of Hewlett Packard Enterprise products
referenced herein are trademarks of Hewlett Packard Enterprise in the United
States and other countries. Other product and company names mentioned herein
may be trademarks of their respective owners.
    

- Vulnerability Information

45127
MD5 Algorithm Hash Function Collision Cryptanalysis Weakness
Context Dependent Cryptographic
Loss of Integrity Discontinued Product
Exploit Public Third-party Verified

- Vulnerability Description

The MD5 Message-Digest Algorithm contains a flaw in the hash table implementation. The issue is due to the algorithm not providing enough collision resistance when hashing keys. This flaw may allow a context-dependent attacker to create malicious applications or conduct other spoofing attacks.

- Timeline

2004-08-18 Unknown
2007-11-30 Unknown

- Solution

Due to the encryption algorithm being compromised through cryptanalysis, it is generally accepted that it should no longer be used. It is recommended that an alternate, stronger algorithm be used to ensure data is properly protected.

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

IETF RFC 3279 X.509 Certificate MD5 Signature Collision Vulnerability
Design Error 33065
Yes No
2008-12-30 12:00:00 2016-09-28 12:02:00
Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, and Benne de Weger.

- Affected Program Versions

Yamaha SRT100 0
Yamaha RTX3000 0
Yamaha Rtx2000 0
Yamaha RTX1500
Yamaha RTX1100
Yamaha RTX1000
Yamaha RTV700
Yamaha RT300i
Yamaha RT107e 0
Yamaha RT105
Yamaha RT104 0
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 7.10 sparc
Ubuntu Ubuntu Linux 7.10 powerpc
Ubuntu Ubuntu Linux 7.10 lpia
Ubuntu Ubuntu Linux 7.10 i386
Ubuntu Ubuntu Linux 7.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Redhat Certificate Server 7.3
Mozilla Network Security Services (NSS) 3.11.3
Mozilla Network Security Services (NSS) 3.12
Mozilla Network Security Services (NSS) 3.11
IETF RFC 3279: Algorithms and Identifiers for the Inter 0
HP JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU 0
HP JG767AAE HP IMC SmCnct WSM Vrtl Applnc SW E-LTU 0
HP JG766AAE HP IMC SmCnct Vrtl Applnc SW E-LTU 0
HP JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU 0
HP JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU 0
HP JG660AAE HP IMC Smart Connect w/WLM VAE E-LTU 0
HP JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU 0
HP JG550AAE HP PMM to IMC Bsc WLM Upgr w/150AP E-LTU 0
HP JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU 0
HP JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU 0
HP JG546AAE HP IMC Basic SW Platform w/50-node E-LTU 0
HP JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU 0
HP JF378A HP IMC Ent S/W Platform w/200-node Lic 0
HP JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU 0
HP JF377A HP IMC Std S/W Platform w/100-node Lic 0
HP JF289AAE HP Enterprise Management System to Intelligent Manageme 0
HP JF288AAE HP Network Director to Intelligent Management Center 0
HP JD816A HP A-IMC Standard Edition Software DVD Media 0
HP JD815A HP IMC Std Platform w/100-node License 0
HP JD814A HP A-IMC Enterprise Edition Software DVD Media 0
HP JD808A HP IMC Ent Platform w/100-node License 0
HP JD126A HP IMC Ent S/W Platform w/100-node 0
HP JD125A HP IMC Std S/W Platform w/100-node 0
F5 ARX 6.4
F5 ARX 6.3
F5 ARX 6.2
F5 ARX 6.1.1
F5 ARX 6.1
F5 ARX 6.0
Cisco IOS CA 0

- Unaffected Program Versions

Mozilla Network Security Services (NSS) 3.12.2

- Vulnerability Discussion

X.509 certificates are prone to a signature-collision attack when signed with the MD5 algorithm. Attackers may take advantage of this issue to generate pairs of different, valid X.509 certificates that share a common signature.

An attacker is most likely to exploit this issue to conduct phishing attacks or to impersonate legitimate sites by taking advantage of malicious certificates. Other attacks are likely possible.

NOTE: This attack is an extension of the weakness covered in BID 11849 (MD5 Message Digest Algorithm Hash Collision Weakness).

- Exploit

This attack has been demonstrated; please see the references for more information.

- Solution

Updates are available. Please see the references for more information.


- References

 

 
