CVE-2005-2969
CVSS5.0
发布时间 :2005-10-18 17:02:00
修订时间 :2011-03-07 21:25:22
NMCOPS    

[原文]The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.


[CNNVD]OpenSSL不安全的协议协商漏洞(CNNVD-200510-139)

        OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。
        为了能与Microsoft Internet Explorer 3.02完全兼容,可以在OpenSSL中使用SL_OP_MSIE_SSLV2_RSA_PADDING选项禁用安全套接字层协议所需的验证步骤。常用的SSL_OP_ALL选项中包含有上述选项。
        如果使用OpenSSL的应用服务器启用了SSL_OP_MSIE_SSLV2_RSA_PADDING选项的话,能够拦截并篡改客户端与服务器之间传输报文的攻击者就可以导致让协议版本协商使用SSLv2,即使客户端和服务端都支持SSLv3。由于SSLv2协议中的一些弱点,这可能允许攻击者读取或篡改正在发送的加密数据。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:openssl:openssl:0.9.7eOpenSSL Project OpenSSL 0.9.7e
cpe:/a:openssl:openssl:0.9.7dOpenSSL Project OpenSSL 0.9.7d
cpe:/a:openssl:openssl:0.9.7cOpenSSL Project OpenSSL 0.9.7c
cpe:/a:openssl:openssl:0.9.7gOpenSSL Project OpenSSL 0.9.7g
cpe:/a:openssl:openssl:0.9.7fOpenSSL Project OpenSSL 0.9.7f
cpe:/a:openssl:openssl:0.9.7aOpenSSL Project OpenSSL 0.9.7a
cpe:/a:openssl:openssl:0.9.8OpenSSL Project OpenSSL 0.9.8
cpe:/a:openssl:openssl:0.9.7bOpenSSL Project OpenSSL 0.9.7b
cpe:/a:openssl:openssl:0.9.7OpenSSL Project OpenSSL 0.9.7

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11454The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING optio...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-139
(官方数据源) CNNVD

- 其它链接及资源

http://www.openssl.org/news/secadv_20051011.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.openssl.org/news/secadv_20051011.txt
http://www.vupen.com/english/advisories/2007/2457
(UNKNOWN)  VUPEN  ADV-2007-2457
http://www.vupen.com/english/advisories/2007/0343
(UNKNOWN)  VUPEN  ADV-2007-0343
http://www.vupen.com/english/advisories/2007/0326
(UNKNOWN)  VUPEN  ADV-2007-0326
http://www.vupen.com/english/advisories/2006/3531
(UNKNOWN)  VUPEN  ADV-2006-3531
http://www.vupen.com/english/advisories/2005/3056
(UNKNOWN)  VUPEN  ADV-2005-3056
http://www.vupen.com/english/advisories/2005/3002
(UNKNOWN)  VUPEN  ADV-2005-3002
http://www.vupen.com/english/advisories/2005/2908
(UNKNOWN)  VUPEN  ADV-2005-2908
http://www.vupen.com/english/advisories/2005/2710
(UNKNOWN)  VUPEN  ADV-2005-2710
http://www.vupen.com/english/advisories/2005/2659
(UNKNOWN)  VUPEN  ADV-2005-2659
http://www.vupen.com/english/advisories/2005/2036
(UNKNOWN)  VUPEN  ADV-2005-2036
http://www.securityfocus.com/bid/15647
(UNKNOWN)  BID  15647
http://www.securityfocus.com/bid/15071
(UNKNOWN)  BID  15071
http://www.redhat.com/support/errata/RHSA-2008-0629.html
(UNKNOWN)  REDHAT  RHSA-2008:0629
http://www.redhat.com/support/errata/RHSA-2005-800.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:800
http://www.redhat.com/support/errata/RHSA-2005-762.html
(UNKNOWN)  REDHAT  RHSA-2005:762
http://www.novell.com/linux/security/advisories/2005_61_openssl.html
(UNKNOWN)  SUSE  SUSE-SA:2005:061
http://www.mandriva.com/security/advisories?name=MDKSA-2005:179
(UNKNOWN)  MANDRIVA  MDKSA-2005:179
http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt
(UNKNOWN)  MISC  http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt
http://www.debian.org/security/2005/dsa-882
(UNKNOWN)  DEBIAN  DSA-882
http://www.debian.org/security/2005/dsa-881
(UNKNOWN)  DEBIAN  DSA-881
http://www.debian.org/security/2005/dsa-875
(UNKNOWN)  DEBIAN  DSA-875
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml
(UNKNOWN)  CISCO  20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
(UNKNOWN)  MISC  http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
http://securitytracker.com/id?1015032
(UNKNOWN)  SECTRACK  1015032
http://secunia.com/advisories/31492
(UNKNOWN)  SECUNIA  31492
http://secunia.com/advisories/19185
(UNKNOWN)  SECUNIA  19185
http://secunia.com/advisories/18663
(UNKNOWN)  SECUNIA  18663
http://secunia.com/advisories/18165
(UNKNOWN)  SECUNIA  18165
http://secunia.com/advisories/18123
(UNKNOWN)  SECUNIA  18123
http://secunia.com/advisories/18045
(UNKNOWN)  SECUNIA  18045
http://secunia.com/advisories/17888
(UNKNOWN)  SECUNIA  17888
http://secunia.com/advisories/17813
(UNKNOWN)  SECUNIA  17813
http://secunia.com/advisories/17632
(UNKNOWN)  SECUNIA  17632
http://secunia.com/advisories/17617
(UNKNOWN)  SECUNIA  17617
http://secunia.com/advisories/17589
(UNKNOWN)  SECUNIA  17589
http://secunia.com/advisories/17466
(UNKNOWN)  SECUNIA  17466
http://secunia.com/advisories/17432
(UNKNOWN)  SECUNIA  17432
http://secunia.com/advisories/17409
(UNKNOWN)  SECUNIA  17409
http://secunia.com/advisories/17389
(UNKNOWN)  SECUNIA  17389
http://secunia.com/advisories/17344
(UNKNOWN)  SECUNIA  17344
http://secunia.com/advisories/17335
(UNKNOWN)  SECUNIA  17335
http://secunia.com/advisories/17288
(UNKNOWN)  SECUNIA  17288
http://secunia.com/advisories/17259
(UNKNOWN)  SECUNIA  17259
http://secunia.com/advisories/17210
(UNKNOWN)  SECUNIA  17210
http://secunia.com/advisories/17191
(UNKNOWN)  SECUNIA  17191
http://secunia.com/advisories/17189
(UNKNOWN)  SECUNIA  17189
http://secunia.com/advisories/17180
(UNKNOWN)  SECUNIA  17180
http://secunia.com/advisories/17178
(UNKNOWN)  SECUNIA  17178
http://secunia.com/advisories/17169
(UNKNOWN)  SECUNIA  17169
http://secunia.com/advisories/17153
(UNKNOWN)  SECUNIA  17153
http://secunia.com/advisories/17151
(UNKNOWN)  SECUNIA  17151
http://secunia.com/advisories/17146
(UNKNOWN)  SECUNIA  17146
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
(UNKNOWN)  TRUSTIX  TSLSA-2005-0059
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
(UNKNOWN)  HP  SSRT071299
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
(UNKNOWN)  HP  SSRT061239
http://docs.info.apple.com/article.html?artnum=302847
(UNKNOWN)  APPLE  APPLE-SA-2005-11-29
https://issues.rpath.com/browse/RPL-1633
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-1633
http://xforce.iss.net/xforce/xfdb/35287
(UNKNOWN)  XF  hitachi-hicommand-security-bypass(35287)
http://www.securityfocus.com/bid/24799
(UNKNOWN)  BID  24799
http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html
(UNKNOWN)  CONFIRM  http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
(UNKNOWN)  CONFIRM  http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1
(UNKNOWN)  SUNALERT  101974
http://secunia.com/advisories/26893
(UNKNOWN)  SECUNIA  26893
http://secunia.com/advisories/25973
(UNKNOWN)  SECUNIA  25973
http://secunia.com/advisories/23915
(UNKNOWN)  SECUNIA  23915
http://secunia.com/advisories/23843
(UNKNOWN)  SECUNIA  23843
http://secunia.com/advisories/23340
(UNKNOWN)  SECUNIA  23340
http://secunia.com/advisories/23280
(UNKNOWN)  SECUNIA  23280
http://secunia.com/advisories/21827
(UNKNOWN)  SECUNIA  21827
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
(UNKNOWN)  HP  SSRT071299
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
(UNKNOWN)  HP  HPSBUX02174
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf
(UNKNOWN)  MISC  ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf

- 漏洞信息

OpenSSL不安全的协议协商漏洞
中危 设计错误
2005-10-18 00:00:00 2009-01-23 00:00:00
远程  
        OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。
        为了能与Microsoft Internet Explorer 3.02完全兼容,可以在OpenSSL中使用SL_OP_MSIE_SSLV2_RSA_PADDING选项禁用安全套接字层协议所需的验证步骤。常用的SSL_OP_ALL选项中包含有上述选项。
        如果使用OpenSSL的应用服务器启用了SSL_OP_MSIE_SSLV2_RSA_PADDING选项的话,能够拦截并篡改客户端与服务器之间传输报文的攻击者就可以导致让协议版本协商使用SSLv2,即使客户端和服务端都支持SSLv3。由于SSLv2协议中的一些弱点,这可能允许攻击者读取或篡改正在发送的加密数据。

- 公告与补丁

        暂无数据

- 漏洞信息 (F53990)

HP Security Bulletin 2007-12.99 (PacketStormID:F53990)
2007-01-27 00:00:00
Hewlett Packard  hp.com
advisory,denial of service,arbitrary,vulnerability
hpux
CVE-2006-2940,CVE-2006-2937,CVE-2006-3738,CVE-2006-4343,CVE-2006-4339,CVE-2005-2969
[点击下载]

HP Security Bulletin - Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00849540
Version: 1

HPSBUX02186 SSRT071299 rev.1 - HP-UX running Apache Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2007-01-17
Last Updated: 2007-01-23

Potential Security Impact: Remote execution of arbitrary code, Denial of Service (DoS), and unauthorized access.

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with Apache running on HP-UX. These vulnerabilities could be exploited remotely to allow execution of arbitrary code, Denial of Service (DoS), or unauthorized access.

References: CVE-2006-2940, CVE-2006-2937, CVE-2006-3738, CVE-2006-4343, CVE-2006-4339, CVE-2005-2969.

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, and B.11.31 running Apache-based Web Server prior to v.2.0.58.01

BACKGROUND

AFFECTED VERSIONS

For IPv4:
HP-UX B.11.00
HP-UX B.11.11
===========
hpuxwsAPACHE
action: install revision A.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

For IPv6:
HP-UX B.11.11
===========
hpuxwsAPACHE,revision=B.1.0.00.01
hpuxwsAPACHE,revision=B.1.0.07.01
hpuxwsAPACHE,revision=B.1.0.08.01
hpuxwsAPACHE,revision=B.1.0.09.01
hpuxwsAPACHE,revision=B.1.0.10.01
hpuxwsAPACHE,revision=B.2.0.48.00
hpuxwsAPACHE,revision=B.2.0.49.00
hpuxwsAPACHE,revision=B.2.0.50.00
hpuxwsAPACHE,revision=B.2.0.51.00
hpuxwsAPACHE,revision=B.2.0.52.00
hpuxwsAPACHE,revision=B.2.0.53.00
hpuxwsAPACHE,revision=B.2.0.54.00
hpuxwsAPACHE,revision=B.2.0.55.00
hpuxwsAPACHE,revision=B.2.0.56.00
hpuxwsAPACHE,revision=B.2.0.58.00
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.23
===========
hpuxwsAPACHE
action: install revision B.2.0.58.01 or subsequent
restart Apache
URL:http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

END AFFECTED VERSIONS

RESOLUTION

HP has made the following software updates available to resolve the issue.
Software updates for the Apache-based Web Server are available from:
http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE

HP-UX B.11.00, B.11.11 and HP-UX B.11.23 require the Apache-based Web Server v.2.0.58.01 or subsequent.

Apache Update Procedure

Check for Apache Installation
 -----------------------------
To determine if the Apache web server from HP is installed on your system, use Software Distributor's swlist command. All three revisions of the product may co-exist on a single system.
For example, the results of the command swlist -l product | grep -I apache
hpuxwsAPACHE B.2.0.55.00 HP-UX Apache-based Web Server

Stop Apache
 -------------
Before updating, make sure the previous Apache binary is stopped. If Apache is not stopped, the installation would be successful but the new version would be prevented from starting until a later time.
After determining which Apache is installed, stop Apache with the following commands:
for hpuxwsAPACHE: /opt/hpws/apache[32]/bin/apachectl stop

Download and Install Apache
 --------------------------
Download Apache from Software Depot. http://h20293.www2.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=HPUXWSSUITE
Verify successful download by comparing the cksum with the value specified on the installation web page.
Use SD to swinstall the depot. Installation of this new revision of HP Apache over an existing HP Apache installation is supported, while installation over a non-HP Apache is NOT supported.

Removing Apache Installation
 ---------------------------
The potential vulnerability can also be resolved by removing Apache rather than installing a newer revision. To remove Apache use both Software Distributor's "swremove" command and also "rm -rf" the home location as specified in the rc.config.d file "HOME" variables.
%ls /etc/rc.config.d | \ grep apache hpapache2conf hpws_apache[32]conf

MANUAL ACTIONS: Yes - Update plus other actions
Install the revision of the product.

PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all HP-issued Security Bulletins to provide a subset of recommended actions that potentially affect a specific HP-UX system.
For more information: http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

HISTORY: rev.1 - 23 January 2007 Initial Release

Third Party Security Patches: Third party security patches which are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For further information, contact normal HP Services support channel.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
To get the security-alert PGP key, please send an e-mail message as follows:
  To: security-alert@hp.com
  Subject: get key

Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC
On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and continue.
Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and save.

To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php
Log in on the web page: Subscriber's choice for Business: sign-in.
On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:

GN = HP General SW
MA = HP Management Agents
MI = Misc. 3rd Party SW
MP = HP MPE/iX
NS = HP NonStop Servers
OV = HP OpenVMS
PI = HP Printing & Imaging
ST = HP Storage SW
TL = HP Trusted Linux
TU = HP Tru64 UNIX
UX = HP-UX
VV = HP VirtualVault

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."

    

- 漏洞信息 (F43731)

HP Security Bulletin 2005-11.2 (PacketStormID:F43731)
2006-02-13 00:00:00
Hewlett Packard,HP  hp.com
advisory,remote,web,protocol
CVE-2005-2969
[点击下载]

HP Security Bulletin - A potential security vulnerability has been identified in the SSL v2 implementation used in HP HTTP Server v5.9.6 that may allow a remote attacker to force the use of a weaker security protocol via a man-in-the-middle attack.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c00592810
Version: 1

HPSBMA02093 SSRT051102 rev.1 - HP HTTP Server Running on Windows,
Forced Use of Weaker Security Protocol

NOTICE: The information in this Security Bulletin should be acted
upon as soon as possible.

Release Date: 2006-01-17
Last Updated: 2006-02-09

Potential Security Impact: Forced use of weaker security protocol

Source: Hewlett-Packard Company,
        HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified in the SSL
v2 implementation used in HP HTTP Server v5.9.6 that may allow a
remote attacker to force the use of a weaker security protocol
via a man-in-the-middle attack.

References: CAN-2005-2969

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP HTTP Server versions earlier than version 5.9.7 running on
Microsoft Windows NT, Windows 2000 Server and Windows 2003
Operating Systems

The table below shows the vulnerable products running Microsoft
Windows HP HTTP Server software.

 Agent/Utility (Product)
   Platform
      Operating System
 --------------------------------------------------------------
 HP Server Management Application and Agents
    ProLiant, ProSignia Servers, and AlphaServers
       Windows NT 4.0
 --------------------------------------------------------------
 HP Version Control Agent
    ProLiant Servers
       Windows NT 4.0
 --------------------------------------------------------------
 HP Version Control Repository Manager
    ProLiant Servers
       Windows NT 4.0
 --------------------------------------------------------------
 Compaq Insight Manager 7 (SNMP and DMI agents)
    ProLiant and ProSignia Servers
       Windows NT 4.0
 --------------------------------------------------------------
 HP Array Configuration Utility
    ProLiant Servers
       Windows NT 4.0
 --------------------------------------------------------------
 Compaq Survey Utility (when installed as an agent)
    ProLiant and ProSignia Servers
       Windows NT 4.0
 --------------------------------------------------------------
 Performance Management Pack
    ProLiant Servers
       Windows NT 4.0 Windows 2000/2003
 --------------------------------------------------------------
 ProLiant Performance Analyzer
    ProLiant Servers
       Windows NT 4.0 Windows 2000/2003
 --------------------------------------------------------------
 Intelligent Cluster Administrator
    ProLiant Servers
       Windows NT 4.0 Windows 2000/2003
 --------------------------------------------------------------
 Compaq Power Management
    ProLiant Servers
       Windows NT 4.0 Windows 2000/2003
 --------------------------------------------------------------

BACKGROUND

To ensure that HP System Management Homepage Software has the most
current enhancements and patches, upgrade to the latest versions
as they become available. For additional information, refer to the
ProLiant server management web site at the following URL:
www.hp.com/servers/manage

RESOLUTION

HP has made available a software update to resolve the issue

The HP Web-Enabled Management Software Security Patch for Windows
is available as SoftPaq SP31652 and can be downloaded from:

http://h18023.www1.hp.com/support/files/server/us/
download/23969.html

The table below shows the vulnerable products running Microsoft
Windows HP HTTP Server software and the recommended action for
impacted versions.

 Agent/Utility (Product)
    Platform
       Operating System
          O/S or Product Recommended Action
 --------------------------------------------------------------
 HP Server Management Application and Agents
    ProLiant, ProSignia Servers, and AlphaServers
       Windows NT 4.0
          Upgrade to latest Windows NT 4.0 PSP
          then apply update SP31652
 --------------------------------------------------------------
 HP Version Control Agent
    ProLiant Servers
       Windows NT 4.0
          Upgrade to latest Windows NT 4.0 PSP
          then apply update SP31652
  --------------------------------------------------------------
 HP Version Control Repository Manager
    ProLiant Servers
       Windows NT 4.0
          Upgrade to latest Windows NT 4.0 PSP
          then apply update SP31652
 --------------------------------------------------------------
 Compaq Insight Manager 7 (SNMP and DMI agents)
    ProLiant and ProSignia Servers
       Windows NT 4.0
          Upgrade to latest IM7 supporting Windows NT 4.0
          then apply update SP31652
 --------------------------------------------------------------
 HP Array Configuration Utility
    ProLiant Servers
       Windows NT 4.0
          Upgrade to latest Windows NT 4.0 PSP
          then apply update SP31652
 --------------------------------------------------------------
 Performance Management Pack
    ProLiant Servers
       Windows NT 4.0, 2000/2003
          For v3.1 or later - Apply update SP31652
 --------------------------------------------------------------
 ProLiant Performance Analyzer
    ProLiant Servers
       Windows NT 4.0, 2000/2003
          All versions - Apply update SP31652
 --------------------------------------------------------------
 Intelligent Cluster Administrator
    ProLiant Servers
       Windows NT 4.0, 2000/2003
          All versions - Apply update SP31652
 --------------------------------------------------------------
 Compaq Power Management
    ProLiant Servers
          All versions - Apply update SP31652
 --------------------------------------------------------------

NOTE: This vulnerability has been resolved in earlier versions of
the Utilities/Agents running on Linux systems.


PRODUCT SPECIFIC INFORMATION


HISTORY
Version:1 (rev.1) - 09 February 2006 Initial release



Support: For further information, contact normal HP Services
support channel.

Report: To report a potential security vulnerability with any HP
supported product, send Email to: security-alert@hp.com.  It is
strongly recommended that security related information being
communicated to HP be encrypted using PGP, especially exploit
information.  To get the security-alert PGP key, please send an
e-mail message as follows:
  To: security-alert@hp.com
  Subject: get key

Subscribe: To initiate a subscription to receive future HP
Security Bulletins via Email:
http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&
langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC

On the web page: ITRC security bulletins and patch sign-up
Under Step1: your ITRC security bulletins and patches
  - check ALL categories for which alerts are required and
    continue.
Under Step2: your ITRC operating systems
  - verify your operating system selections are checked and
    save.

To update an existing subscription:
http://h30046.www3.hp.com/subSignIn.php
Log in on the web page:
  Subscriber's choice for Business: sign-in.
On the web page:
  Subscriber's Choice: your profile summary
    - use Edit Profile to update appropriate sections.

To review previously published Security Bulletins visit:
http://www.itrc.hp.com/service/cki/secBullArchive.do

* The Software Product Category that this Security Bulletin
relates to is represented by the 5th and 6th characters of the
Bulletin number in the title:

    GN = HP General SW,
    MA = HP Management Agents,
    MI = Misc. 3rd party SW,
    MP = HP MPE/iX,
    NS = HP NonStop Servers,
    OV = HP OpenVMS,
    PI = HP Printing & Imaging,
    ST = HP Storage SW,
    TL = HP Trusted Linux,
    TU = HP Tru64 UNIX,
    UX = HP-UX,
    VV = HP Virtual Vault


System management and security procedures must be reviewed
frequently to maintain system integrity. HP is continually
reviewing and enhancing the security features of software products
to provide customers with current secure solutions.

"HP is broadly distributing this Security Bulletin in order to
bring to the attention of users of the affected HP products the
important security information contained in this Bulletin. HP
recommends that all users determine the applicability of this
information to their individual situations and take appropriate
action. HP does not warrant that this information is necessarily
accurate or complete for all user situations and, consequently, HP
will not be responsible for any damages resulting from user's use
or disregard of the information provided in this Bulletin. To the
extent permitted by law, HP disclaims all warranties, either
express or implied, including the warranties of merchantability
and fitness for a particular purpose, title and non-infringement."


(c)Copyright 2006 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or
editorial errors or omissions contained herein. The information
provided is provided "as is" without warranty of any kind. To the
extent permitted by law, neither HP nor its affiliates,
subcontractors or suppliers will be liable for incidental, special
or consequential damages including downtime cost; lost profits;
damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration.
The information in this document is subject to change without
notice. Hewlett-Packard Company and the names of Hewlett-Packard
products referenced herein are trademarks of Hewlett-Packard
Company in the United States and other countries. Other product
and company names mentioned herein may be trademarks of their
respective owners.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQ+yIpOAfOvwtKn1ZEQIIGQCdHMMvJH4i71zsoV+bOdU6RD+8pcYAoPon
fPqm6EnZY4/P5OLb8aHILtlp
=/KHf
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F42016)

Apple Security Advisory 2005-11-29 (PacketStormID:F42016)
2005-12-02 00:00:00
Apple  apple.com
advisory,vulnerability
apple
CVE-2005-2088,CVE-2005-2700,CVE-2005-2757,CVE-2005-3185,CVE-2005-3700,CVE-2005-2969,CVE-2005-3701,CVE-2005-2491,CVE-2005-3702,CVE-2005-3703,CVE-2005-3705,CVE-2005-1993,CVE-2005-3704
[点击下载]

Apple Security Advisory - Apple has released a security update which addresses over a dozen vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2005-11-29 Security Update 2005-009

Security Update 2005-009 is now available and delivers the following
security enhancements:

Apache2
CVE-ID:  CVE-2005-2088
Available for:  Mac OS X Server v10.3.9, Mac OS X Server v10.4.3
Impact:  Cross-site scripting may be possible in certain
configurations
Description:  The Apache 2 web server may allow an attacker to bypass
protections using specially-crafted HTTP headers.  This behavior is
only present when Apache is used in conjunction with certain proxy
servers, caching servers, or web application firewalls.  This update
addresses the issue by incorporating Apache version 2.0.55.

apache_mod_ssl
CVE-ID:  CVE-2005-2700
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  SSL client authentication may be bypassed in certain
configurations
Description:  The Apache web server's mod_ssl module may allow an
attacker unauthorized access to a resource that is configured to
require SSL client authentication.  Only Apache configurations that
include the "SSLVerifyClient require" directive may be affected.
This update address the issue by incorporating mod_ssl 2.8.24 and
Apache version 2.0.55 (Mac OS X Server).

CoreFoundation
CVE-ID:  CVE-2005-2757
Available for:  Mac OS X v10.4.3, Mac OS X Server v10.4.3
Impact:  Resolving a maliciously-crafted URL may result in crashes or
arbitrary code execution
Description:  By carefully crafting a URL, an attacker can trigger a
heap buffer overflow in CoreFoundation which may result in a crash or
arbitrary code execution.  CoreFoundation is used by Safari and other
applications.  This update addresses the issue by performing
additional validation of URLs.  This issue does not affect systems
prior to Mac OS X v10.4.

curl
CVE-ID:  CVE-2005-3185
Available for:  Mac OS X v10.4.3, Mac OS X Server v10.4.3
Impact:  Visiting a malicious HTTP server and using NTLM
authentication may result in arbitrary code execution
Description:  Using curl with NTLM authentication enabled to download
an HTTP resource may allow an attacker to supply an overlong user or
domain name.  This may cause a stack buffer overflow and lead to
arbitrary code execution.  This update addresses the issue by
performing additional validation when using NTLM authentication.
This issue does not affect systems prior to Mac OS X v10.4.

iodbcadmintool
CVE-ID:  CVE-2005-3700
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Local users may gain elevated privileges
Description:  The ODBC Administrator utility includes a helper tool
called iodbcadmintool that executes with raised privileges.  This
helper tool contains a vulnerability that may allow local users to
execute arbitrary commands with raised privileges.  This update
addresses the issue by providing an updated iodbcadmintool that is
not susceptible.

OpenSSL
CVE-ID:  CVE-2005-2969
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Applications using OpenSSL may be forced to use the weaker
SSLv2 protocol
Description:  Applications that do not disable SSLv2 or that enable
certain compatibility options when using OpenSSL may be vulnerable to
a protocol downgrade attack.  Such attacks may cause an SSL
connection to use the SSLv2 protocol which provides less protection
than SSLv3 or TLS.  Further information on this issue is available at
http://www.openssl.org/news/secadv_20051011.txt.  This update
addresses the issue by incorporating OpenSSL version 0.9.7i.

passwordserver
CVE-ID:  CVE-2005-3701
Available for:  Mac OS X Server v10.3.9, Mac OS X Server v10.4.3
Impact:  Local users on Open Directory master servers may gain
elevated privileges
Description:  When creating an Open Directory master server,
credentials may be compromised.  This could lead to unprivileged
local users gaining elevated privileges on the server.  This update
addresses the issue by ensuring the credentials are protected.

Safari
CVE-ID:  CVE-2005-2491
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Processing a regular expressions may result in arbitrary
code execution
Description:  The JavaScript engine in Safari uses a version of the
PCRE library that is vulnerable to a potentially exploitable heap
overflow.  This may lead to the execution of arbitrary code.  This
update addresses the issue by providing a new version of the
JavaScript engine that incorporates more robust input validation.

Safari
CVE-ID:  CVE-2005-3702
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Safari may download files outside of the designated download
directory
Description:  When files are downloaded in Safari they are normally
placed in the location specified as the download directory.  However,
if a web site suggests an overlong filename for a download, it is
possible for Safari to create this file in other locations.  Although
the filename and location of the downloaded file content cannot be
directly specified by remote servers, this may still lead to
downloading content into locations accessible to other users.  This
update addresses the issue by rejecting overlong filenames.

Safari
CVE-ID:  CVE-2005-3703
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  JavaScript dialog boxes in Safari may be misleading
Description:  In Safari, JavaScript dialog boxes do not indicate the
web site that created them.  This could mislead users into
unintentionally disclosing information to a web site.  This update
addresses the issue by displaying the originating site name in
JavaScript dialog boxes.  Credit to Jakob Balle of Secunia Research
for reporting this issue.

Safari
CVE-ID:  CVE-2005-3705
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Visiting malicious web sites with WebKit-based applications
may lead to arbitrary code execution
Description:  WebKit contains a heap overflow that may lead to the
execution of arbitrary code.  This may be triggered by content
downloaded from malicious web sites in applications that use WebKit
such as Safari.  This update addresses the issue by removing the heap
overflow from WebKit.  Credit to Neil Archibald of Suresec LTD and
Marco Mella for reporting this issue.

sudo
CVE-ID:  CVE-2005-1993
Available for:  Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X
v10.4.3, Mac OS X Server v10.4.3
Impact:  Local users may be able to gain elevated privileges in
certain sudo configurations
Description:  Sudo allows system administrators to grant users the
ability to run specific commands with elevated privileges.  Although
the default configuration is not vulnerable to this issue, custom
sudo configurations may not properly restrict users.  Further
information on this issue is available from:
http://www.sudo.ws/sudo/alerts/path_race.html
This update addresses the issue by incorporating sudo version
1.6.8p9.

syslog
CVE-ID:  CVE-2005-3704
Available for:  Mac OS X v10.4.3, Mac OS X Server v10.4.3
Impact:  System log entries may be forged
Description:  The system log server records syslog messages verbatim.
By supplying control characters such as the newline character, a
local attacker could forge entries with the intention to mislead the
system administrator.  This update addresses the issue by specially
handling control characters and other non-printable characters.  This
issue does not affect systems prior to Mac OS X v10.4.  Credit to
HELIOS Software GmbH for reporting this issue.

Additional Information

Also included in this update are enhancements to Safari to improve
handling of credit card security codes (Mac OS X v10.3.9 and Mac OS X
v10.4.3), CoreTypes to improve handling of Terminal files (Mac OS X
v10.4.3), QuickDraw Manager to improve rendering of PICT files (Mac
OS X v10.3.9), documentation regarding OpenSSH and PAM (Mac OS X
v10.4.3), and ServerMigration to remove unneeded privileges.

Security Update 2005-009 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

For Mac OS X v10.4.3
The download file is named:  "SecUpd2005-009Ti.dmg"
Its SHA-1 digest is:  544f51a7bc73a57dbca95e05693904aadb2f94b1

For Mac OS X Server v10.4.3
The download file is named:  "SecUpdSrvr2005-009Ti.dmg"
Its SHA-1 digest is:  b7620426151b8f1073c9ff73b2adf43b3086cc60

For Mac OS X v10.3.9
The download file is named:  "SecUpd2005-009Pan.dmg"
Its SHA-1 digest is:  ea17ad7852b3e6277f53c2863e51695ac7018650

For Mac OS X Server v10.3.9
The download file is named:  "SecUpdSrvr2005-009Pan.dmg"
Its SHA-1 digest is:  b03711729697ea8e6b683eb983343f2f3de3af13

Information will also be posted to the Apple Product Security
web site:
http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.1 (Build 2185)

iQEVAwUBQ4zotIHaV5ucd/HdAQJiPAf/S7bsLZk3R7I8FBidCKQ/bxSxjhTFx8sK
vqsVFNDsXzv+tEa3IP58D8lI8lF94o+50p59qaPWxHzl4HxPVKlH4YCiBesYmVRp
FcGo0qbzj5wJzdWADPV+I8O+/CR5k8J35PuKDIzPabnO67nxoXc/DF6go50e5Hr9
Yqs2477ufq0ANd8wG9dF5pfcYwD8KRLfOmfJ9ZVhbG8Up0uO4JH71cTQZIFcKkYf
g6N9SCnqx5JqCwsRx85a8WuY1x97K3zqP53/bt4Wzi76VaaSaYj01nVywworTik4
YzOWOckJmWU9+66iby9mKY2mzz+u/vwtiMp577yT4y9FiSg6yp7mWQ==
=jnz9
-----END PGP SIGNATURE-----
   
    

- 漏洞信息 (F41656)

SCOSA-2005.48.txt (PacketStormID:F41656)
2005-11-20 00:00:00
SCO  sco.com
advisory
CVE-2005-2969
[点击下载]

SCO Security Advisory - A vulnerability has been found in OpenSSL which potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

______________________________________________________________________________

 			SCO Security Advisory

Subject:		UnixWare 7.1.3 UnixWare 7.1.4 : OpenSSL Potential SSL 2.0 Rollback Vulnerability
Advisory number:	SCOSA-2005.48
Issue date:		2005 November 15
Cross reference:	fz533160
 			CVE-2005-2969
______________________________________________________________________________


1. Problem Description

 	A vulnerability has been found in OpenSSL which potentially
 	affects applications that use the SSL/TLS server implementation
 	provided by OpenSSL.

 	Such applications are affected if they use the option
 	SSL_OP_MSIE_SSLV2_RSA_PADDING.  This option is implied by use of
 	SSL_OP_ALL, which is intended to work around various bugs in
 	third-party software that might prevent interoperability.  The
 	SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification
 	step in the SSL 2.0 server supposed to prevent active
 	protocol-version rollback attacks.  With this verification step
 	disabled, an attacker acting as a "man in the middle" can force
 	a client and a server to negotiate the SSL 2.0 protocol even if
 	these parties both support SSL 3.0 or TLS 1.0.  The SSL 2.0
 	protocol is known to have severe cryptographic weaknesses and is
 	supported as a fallback only.

 	Applications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor
 	SSL_OP_ALL are not affected.  Also, applications that disable
 	use of SSL 2.0 are not affected.

 	The Common Vulnerabilities and Exposures project (cve.mitre.org)
 	has assigned the name CVE-2005-2969 to this issue.


2. Vulnerable Supported Versions

 	System				Binaries
 	----------------------------------------------------------------------
 	UnixWare 7.1.3 			All earlier OpenSSL distributions
 	UnixWare 7.1.4 			All earlier OpenSSL distributions


3. Solution

 	The proper solution is to install the latest packages.


4. UnixWare 7.1.3

 	4.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.48


 	4.2 Verification

 	MD5 (openssl-0.9.7i.image) = 528a4e250fe58da796bf17c71b46c48b

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	4.3 Installing Fixed Binaries

 	Upgrade the affected binaries with the following sequence:

 	Download openssl-0.9.7i.image to the /var/spool/pkg directory.

 	# pkgadd -d /var/spool/pkg/openssl-0.9.7i.image


5. UnixWare 7.1.4

 	5.1 Location of Fixed Binaries

 	ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.48


 	5.2 Verification

 	MD5 (openssl-0.9.7i.image) = 528a4e250fe58da796bf17c71b46c48b

 	md5 is available for download from
 		ftp://ftp.sco.com/pub/security/tools


 	5.3 Installing Fixed Binaries

 	Upgrade the affected binaries with the following sequence:

 	Download openssl-0.9.7i.image to the /var/spool/pkg directory.

 	# pkgadd -d /var/spool/pkg/openssl-0.9.7i.image


6. References

 	Specific references for this advisory:
 		http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
 		http://www.openssl.org/news/secadv_20051011.txt

 	SCO security resources:
 		http://www.sco.com/support/security/index.html

 	SCO security advisories via email
 		http://www.sco.com/support/forums/security.html

 	This security fix closes SCO incidents fz533160.


7. Disclaimer

 	SCO is not responsible for the misuse of any of the information
 	we provide on this website and/or through our security
 	advisories. Our advisories are a service to our customers
 	intended to promote secure installation and use of SCO
 	products.


______________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (UnixWare)

iD8DBQFDeivIaqoBO7ipriERApy+AJ9R0xNIZA4uHFvKZOmxiir77ZIFhQCggUyy
ATHvbNOkKn7sYBLOkLK1wBg=
=AX7f
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F41293)

Debian Linux Security Advisory 882-1 (PacketStormID:F41293)
2005-11-05 00:00:00
Debian  security.debian.org
advisory,protocol
linux,debian
CVE-2005-2969
[点击下载]

Debian Security Advisory DSA 882-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 882-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 4th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : openssl095
Vulnerability  : cryptographic weakness
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-2969

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer
(OpenSSL) library that can allow an attacker to perform active
protocol-version rollback attacks that could lead to the use of the
weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS
1.0.

The following matrix explains which version in which distribution has
this problem corrected.

                oldstable (woody)      stable (sarge)     unstable (sid)
openssl          0.9.6c-2.woody.8       0.9.7e-3sarge1      0.9.8-3
openssl 094      0.9.4-6.woody.4             n/a              n/a
openssl 095      0.9.5a-6.woody.6            n/a              n/a
openssl 096           n/a               0.9.6m-1sarge1        n/a
openssl 097           n/a                    n/a            0.9.7g-5

We recommend that you upgrade your libssl packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.6.dsc
      Size/MD5 checksum:      631 06d702bf602bdf36e76ccf1d293e2755
    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a-6.woody.6.diff.gz
      Size/MD5 checksum:    39425 bbc79b4a3b51c3407642a909924636b3
    http://security.debian.org/pool/updates/main/o/openssl095/openssl095_0.9.5a.orig.tar.gz
      Size/MD5 checksum:  1892089 99d22f1d4d23ff8b927f94a9df3997b4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_alpha.deb
      Size/MD5 checksum:   497428 d7f43468426f4937d9f6f4f200b62ac4

  ARM architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_arm.deb
      Size/MD5 checksum:   402790 3b6d0893487c55369771219423b8acf0

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_i386.deb
      Size/MD5 checksum:   400034 11c30a4af4fb8f00848aff98caf4a721

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_m68k.deb
      Size/MD5 checksum:   377034 5bc6aa7ce2c912bf6b306db88044e58d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_mips.deb
      Size/MD5 checksum:   412864 ca4c4ace9a42844cfd93320f6438895a

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_mipsel.deb
      Size/MD5 checksum:   407678 ca10a64a6c760d2e45f2a1cdfa33ed1e

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_powerpc.deb
      Size/MD5 checksum:   425740 106ba99bf991c3e8864d414be25a92e4

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/o/openssl095/libssl095a_0.9.5a-6.woody.6_sparc.deb
      Size/MD5 checksum:   412474 1abb2a98b00c638cf88cead55ec5959f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDa087W5ql+IAeqTIRAnAZAKCOLyaJHACQRNsDAQCT9v1uDUh/PQCdE21J
P2lza1cE34ISntH0x71nruA=
=vSg3
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F41281)

Debian Linux Security Advisory 881-1 (PacketStormID:F41281)
2005-11-04 00:00:00
Debian  security.debian.org
advisory,protocol
linux,debian
CVE-2005-2969
[点击下载]

Debian Security Advisory DSA 881-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 881-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 4th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : openssl096
Vulnerability  : cryptographic weakness
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-2969

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer
(OpenSSL) library that can allow an attacker to perform active
protocol-version rollback attacks that could lead to the use of the
weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS
1.0.

The following matrix explains which version in which distribution has
this problem corrected.

                oldstable (woody)      stable (sarge)     unstable (sid)
openssl          0.9.6c-2.woody.8       0.9.7e-3sarge1      0.9.8-3
openssl 094      0.9.4-6.woody.4             n/a              n/a
openssl 095      0.9.5a-6.woody.6            n/a              n/a
openssl 096           n/a               0.9.6m-1sarge1        n/a
openssl 097           n/a                    n/a            0.9.7g-5

We recommend that you upgrade your libssl packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge1.dsc
      Size/MD5 checksum:      617 ce5f1e232a472723ca68499327b72dbb
    http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m-1sarge1.diff.gz
      Size/MD5 checksum:    18775 21461483c9dc895530bedc3b973faa07
    http://security.debian.org/pool/updates/main/o/openssl096/openssl096_0.9.6m.orig.tar.gz
      Size/MD5 checksum:  2184918 1b63bfdca1c37837dddde9f1623498f9

  Alpha architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_alpha.deb
      Size/MD5 checksum:  1964914 393db230e3682b76c3c9f36eb42264e6

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_amd64.deb
      Size/MD5 checksum:   577924 c07845bb45e5c3b75456f961e336eb13

  ARM architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_arm.deb
      Size/MD5 checksum:   518534 eea289b8dde19ac6c8c6cf7b30ea4eb1

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_i386.deb
      Size/MD5 checksum:  1754964 7b514ad94e57dc9fd6e4842b2946640d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_ia64.deb
      Size/MD5 checksum:   814794 0c604b4b2f703c01173d140b95f61cd6

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_hppa.deb
      Size/MD5 checksum:   587272 01cbb27d7021792fd6570b2f466ce41a

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_m68k.deb
      Size/MD5 checksum:   476638 64e57e89c2efbe43db0ee00ae686413b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_mips.deb
      Size/MD5 checksum:   576718 a05286b7d56e76bb6863987f9428cfa8

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_mipsel.deb
      Size/MD5 checksum:   568608 11f1592d26bc34ed8b2ecae3af730e04

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_powerpc.deb
      Size/MD5 checksum:   582352 48a678cc33b6b253be1dff5d8d7d23da

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_s390.deb
      Size/MD5 checksum:   602274 4b926097074513294652c4bef75f1f4f

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/o/openssl096/libssl0.9.6_0.9.6m-1sarge1_sparc.deb
      Size/MD5 checksum:  1458254 29c66b77c695f27f4f38dbdfbd51d320


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDaz/2W5ql+IAeqTIRAtZzAJ40qxSyF8zR3ed1C3WOANCtvwiMzACdHkUf
dUob6n3V6kc0TTwGTrwAjH0=
=l7iw
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F41049)

Debian Linux Security Advisory 875-1 (PacketStormID:F41049)
2005-10-30 00:00:00
Debian  security.debian.org
advisory,protocol
linux,debian
CVE-2005-2969
[点击下载]

Debian Security Advisory DSA 875-1 - Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer (OpenSSL) library that can allow an attacker to perform active protocol-version rollback attacks that could lead to the use of the weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS 1.0.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 875-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 27th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : openssl094
Vulnerability  : cryptographic weakness
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-2969

Yutaka Oiwa discovered a vulnerability in the Open Secure Socket Layer
(OpenSSL) library that can allow an attacker to perform active
protocol-version rollback attacks that could lead to the use of the
weaker SSL 2.0 protocol even though both ends support SSL 3.0 or TLS
1.0.

The following matrix explains which version in which distribution has
this problem corrected.

                oldstable (woody)      stable (sarge)     unstable (sid)
openssl          0.9.6c-2.woody.8       0.9.7e-3sarge1      0.9.8-3
openssl 094      0.9.4-6.woody.4             n/a              n/a
openssl 095      0.9.5a-6.woody.6            n/a              n/a
openssl 096           n/a               0.9.6m-1sarge1        n/a
openssl 097           n/a                    n/a            0.9.7g-5

We recommend that you upgrade your libssl packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.dsc
      Size/MD5 checksum:      624 2989b7b16a146a2f9a6ca52887bb2c3f
    http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4-6.woody.4.diff.gz
      Size/MD5 checksum:    47116 a4db6a4e53d8f8703da86774768cb21c
    http://security.debian.org/pool/updates/main/o/openssl094/openssl094_0.9.4.orig.tar.gz
      Size/MD5 checksum:  1570392 72544daea16d6c99d656b95f77b01b2d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_alpha.deb
      Size/MD5 checksum:   445816 1eaa00c5cee084727d23a8169acdb705

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_i386.deb
      Size/MD5 checksum:   358626 2d3f09ec2222ac497180a01facea470c

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/o/openssl094/libssl09_0.9.4-6.woody.4_powerpc.deb
      Size/MD5 checksum:   378870 58d0d41fa2005b5d05f49c557023c466


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDYJZpW5ql+IAeqTIRAu8zAKCZKeTsbp18kD+6dpno+xAvlT0D6gCguh3H
DQcg5cxf+sHJbhk4pT5uzBg=
=znal
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F40775)

usn-204-1.txt (PacketStormID:F40775)
2005-10-18 00:00:00
Martin Pitt  security.ubuntu.com
advisory
linux,ubuntu
CVE-2005-2969
[点击下载]

Ubuntu Security Notice USN-204-1 - Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL applications. Applications using the OpenSSL library can use the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the former) to maintain compatibility with third party products, which is achieved by working around known bugs in them.

===========================================================
Ubuntu Security Notice USN-204-1	   October 14, 2005
openssl vulnerability
CAN-2005-2969
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libssl0.9.7

The problem can be corrected by upgrading the affected package to
version 0.9.7d-3ubuntu0.3 (for Ubuntu 4.10), 0.9.7e-3ubuntu0.2 (for
Ubuntu 5.04), or 0.9.7g-1ubuntu1.1 (for Ubuntu 5.10). Since the SSL
library is used by a lot of server and desktop applications, you
should restart your computer after a standard system upgrade to ensure
that all programs use the new library.

Details follow:

Yutaka Oiwa discovered a possible cryptographic weakness in OpenSSL
applications. Applications using the OpenSSL library can use the
SSL_OP_MSIE_SSLV2_RSA_PADDING option (or SSL_OP_ALL, which implies the
former) to maintain compatibility with third party products, which is
achieved by working around known bugs in them.

The SSL_OP_MSIE_SSLV2_RSA_PADDING option disabled a verification step
in the SSL 2.0 server supposed to prevent active protocol-version
rollback attacks.  With this verification step disabled, an attacker
acting as a "man in the middle" could force a client and a server to
negotiate the SSL 2.0 protocol even if these parties both supported
SSL 3.0 or TLS 1.0.  The SSL 2.0 protocol is known to have severe
cryptographic weaknesses and is supported as a fallback only.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7d-3ubuntu0.3.diff.gz
      Size/MD5:    26336 8c653140c8bb55141682f61b2c7ee0c4
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7d-3ubuntu0.3.dsc
      Size/MD5:      636 814be379aed42cf28e5e1714eacb5dea
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7d.orig.tar.gz
      Size/MD5:  2799796 533b7f758325d74c1e01e67994e3ae59

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7d-3ubuntu0.3_amd64.deb
      Size/MD5:  2676878 d46f388edf90aac95110357c4c7fb41e
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7d-3ubuntu0.3_amd64.deb
      Size/MD5:   697176 dfb423bccdf95e0251566c86747519ba
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7d-3ubuntu0.3_amd64.deb
      Size/MD5:   900108 5c62807221f03ec34aafe8753362d1dc

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7d-3ubuntu0.3_i386.deb
      Size/MD5:  2477644 9a6282952a58a0d963ea12dd80626305
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7d-3ubuntu0.3_i386.deb
      Size/MD5:  2153208 e49463b1a3ae79e586ebf522ed5d5ac1
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7d-3ubuntu0.3_i386.deb
      Size/MD5:   898780 ab5e0af7e6687f1ed7ad943c2a7edc00

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7d-3ubuntu0.3_powerpc.deb
      Size/MD5:  2759254 aa0ad1ec7ccdcab984c33f34ae04013d
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7d-3ubuntu0.3_powerpc.deb
      Size/MD5:   700982 d6bdb5e4c7b427278a5f6dd7115047e4
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7d-3ubuntu0.3_powerpc.deb
      Size/MD5:   904618 18578a43604449f15794852b32c55c9a

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.2.diff.gz
      Size/MD5:    28853 653177acb3126d83a75863fef01f7618
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.2.dsc
      Size/MD5:      645 71ab340d8a9c5e09398fc5cae8b8f3a5
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e.orig.tar.gz
      Size/MD5:  3043231 a8777164bca38d84e5eb2b1535223474

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.2_amd64.udeb
      Size/MD5:   495074 4aee5a5c1ea16cb37e4bd787daa17bb6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.2_amd64.deb
      Size/MD5:  2693172 30ced54e4bddae466cc8a636729d4bf6
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.2_amd64.deb
      Size/MD5:   769494 bb2132ccc55fe686417fa58fe79366d5
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.2_amd64.deb
      Size/MD5:   903540 c38ed2ab04260cc37c861b4714a292e6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.2_i386.udeb
      Size/MD5:   433190 a1d3b3d83038c4867c3bbed914a7799c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.2_i386.deb
      Size/MD5:  2492448 1c299b25caad322de3bbff442980d4fe
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.2_i386.deb
      Size/MD5:  2240404 fc002998c376102f4afef943e42921d7
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.2_i386.deb
      Size/MD5:   900980 d7d18142b2f888fb39c68a535e1797a5

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7e-3ubuntu0.2_powerpc.udeb
      Size/MD5:   499312 344fa2d38577e134300a6c66b7501ad5
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7e-3ubuntu0.2_powerpc.deb
      Size/MD5:  2774020 fa61cfb6691efb466d410868bcf70b33
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7e-3ubuntu0.2_powerpc.deb
      Size/MD5:   779142 8591771370630d0947159f20c66a7844
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7e-3ubuntu0.2_powerpc.deb
      Size/MD5:   908034 467656d782df126e20d87f28885481f7

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.1.diff.gz
      Size/MD5:    29528 17b8067e74c9632969ab30e99ffefc27
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.1.dsc
      Size/MD5:      657 5e3a343c96d5a6b6ce28ea9051b503f3
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g.orig.tar.gz
      Size/MD5:  3132217 991615f73338a571b6a1be7d74906934

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.1_amd64.udeb
      Size/MD5:   498774 e1caefe81d127f3f5c74abe21009d26f
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.1_amd64.deb
      Size/MD5:  2699040 46c0e7a3af787950ae94ecf8097e8c70
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.1_amd64.deb
      Size/MD5:   773056 efdf763408f1ab9e6ecbe46c2d7daabe
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.1_amd64.deb
      Size/MD5:   913184 7d9f78245ce33c1729a5a3ff7a5844fb

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.1_i386.udeb
      Size/MD5:   430626 2acb91427d4c850ebde301f7f0deac86
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.1_i386.deb
      Size/MD5:  2479668 6296835c4d246c67fc7c8cd38c2ef00c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.1_i386.deb
      Size/MD5:  2202870 9d1c03f452c3964ab9bd4054879d48f7
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.1_i386.deb
      Size/MD5:   904328 d6b94a9d5fbeaa792e4bb126930c82e2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.7-udeb_0.9.7g-1ubuntu1.1_powerpc.udeb
      Size/MD5:   476188 46bbc413275d9954a42abcc518f65a0c
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.7g-1ubuntu1.1_powerpc.deb
      Size/MD5:  2655564 8b3f1df5908c9720333095c3755087cb
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.7_0.9.7g-1ubuntu1.1_powerpc.deb
      Size/MD5:   752528 0f788b91569d512d0c9520a178fdb2fa
    http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.7g-1ubuntu1.1_powerpc.deb
      Size/MD5:   909916 5ad57ad02371aa12f52a94cfcb433835
    

- 漏洞信息 (F40680)

Gentoo Linux Security Advisory 200510-11 (PacketStormID:F40680)
2005-10-13 00:00:00
Gentoo  security.gentoo.org
advisory,protocol
linux,gentoo
CVE-2005-2969
[点击下载]

Gentoo Linux Security Advisory GLSA 200510-11 - Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the SSL_OP_ALL option, that implies it) can be forced by a third-party to fallback to the less secure SSL 2.0 protocol, even if both parties support the more secure SSL 3.0 or TLS 1.0 protocols. Versions less than 0.9.8-r1 are affected.

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig2C78AFA01260FBAF44BE697D
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200510-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: OpenSSL: SSL 2.0 protocol rollback
      Date: October 12, 2005
      Bugs: #108852
        ID: 200510-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

When using a specific option, OpenSSL can be forced to fallback to the
less secure SSL 2.0 protocol.

Background
==========

OpenSSL is a toolkit implementing the Secure Sockets Layer, Transport
Layer Security protocols and a general-purpose cryptography library.

Affected packages
=================

    -------------------------------------------------------------------
     Package           /  Vulnerable  /                     Unaffected
    -------------------------------------------------------------------
  1  dev-libs/openssl     < 0.9.8-r1                       >= 0.9.8-r1
                                                            *>= 0.9.7h
                                                         *>= 0.9.7g-r1
                                                         *>= 0.9.7e-r2

Description
===========

Applications setting the SSL_OP_MSIE_SSLV2_RSA_PADDING option (or the
SSL_OP_ALL option, that implies it) can be forced by a third-party to
fallback to the less secure SSL 2.0 protocol, even if both parties
support the more secure SSL 3.0 or TLS 1.0 protocols.

Impact
======

A man-in-the-middle attacker can weaken the encryption used to
communicate between two parties, potentially revealing sensitive
information.

Workaround
==========

If possible, disable the use of SSL 2.0 in all OpenSSL-enabled
applications.

Resolution
==========

All OpenSSL users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose dev-libs/openssl

References
==========

  [ 1 ] CAN-2005-2969
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969
  [ 2 ] OpenSSL security advisory
        http://www.openssl.org/news/secadv_20051011.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


--------------enig2C78AFA01260FBAF44BE697D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDTPjWvcL1obalX08RAmD8AKCGJQGPnzxGCAsuDhxUQbI2mesWagCfaSJu
Eq1fnIZLcm4NQKmC9u5aWXk=
=YyyF
-----END PGP SIGNATURE-----

--------------enig2C78AFA01260FBAF44BE697D--
    

- 漏洞信息 (F40651)

secadv_20051011.txt (PacketStormID:F40651)
2005-10-12 00:00:00
 
advisory,protocol
CVE-2005-2969
[点击下载]

OpenSSL Security Advisory - A vulnerability has been found in all previously released versions of OpenSSL (all versions up to 0.9.7h and 0.9.8a). Versions 0.9.7h and 0.9.8a have been released to address the issue. The vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. Such applications are affected if they use the option SSL_OP_MSIE_SSLV2_RSA_PADDING. This option is implied by use of SSL_OP_ALL, which is intended to work around various bugs in third-party software that might prevent interoperability. The SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a man in the middle can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only.

OpenSSL Security Advisory [11 October 2005]

Potential SSL 2.0 Rollback (CAN-2005-2969)
==========================================

CONTENTS

 - Vulnerability
 - Recommendations
 - Acknowledgement
 - References


Vulnerability
-------------

A vulnerability has been found in all previously released versions of
OpenSSL (all versions up to 0.9.7h and 0.9.8a).  Versions 0.9.7h and
0.9.8a have been released to address the issue.  The vulnerability
potentially affects applications that use the SSL/TLS server
implementation provided by OpenSSL.

Such applications are affected if they use the option
SSL_OP_MSIE_SSLV2_RSA_PADDING.  This option is implied by use of
SSL_OP_ALL, which is intended to work around various bugs in
third-party software that might prevent interoperability.  The
SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in
the SSL 2.0 server supposed to prevent active protocol-version
rollback attacks.  With this verification step disabled, an attacker
acting as a "man in the middle" can force a client and a server to
negotiate the SSL 2.0 protocol even if these parties both support SSL
3.0 or TLS 1.0.  The SSL 2.0 protocol is known to have severe
cryptographic weaknesses and is supported as a fallback only.

Applications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor
SSL_OP_ALL are not affected.  Also, applications that disable
use of SSL 2.0 are not affected.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-2969 to this issue.

Recommendations
---------------

There are multiple ways to avoid this vulnerability.  Any one of the
following measures is sufficient.

1.  Disable SSL 2.0 in the OpenSSL-based application.

    The vulnerability occurs only if the old protocol version SSL 2.0
    is enabled both in an OpenSSL server and in any of the clients
    (OpenSSL-based or not) connecting to it.  Thus, if you have
    disabled SSL 2.0, the vulnerability does not apply to you.
    Generally, it is strongly recommended to disable the SSL 2.0
    protocol because of its known weaknesses.

2.  Upgrade the OpenSSL server software.

    The vulnerability is resolved in the following versions of OpenSSL:

     - in the 0.9.7 branch, version 0.9.7h (or later);
     - in the 0.9.8 branch, version 0.9.8a (or later).

    OpenSSL 0.9.8a and OpenSSL 0.9.7h are available for download via
    HTTP and FTP from the following master locations (you can find the
    various FTP mirrors under http://www.openssl.org/source/mirror.html):

        o http://www.openssl.org/source/
        o ftp://ftp.openssl.org/source/

    The distribution file names are:

        o openssl-0.9.8a.tar.gz
          MD5 checksum: 1d16c727c10185e4d694f87f5e424ee1
          SHA1 checksum: 2aaba0f728179370fb3e86b43209205bc6c06a3a

        o openssl-0.9.7h.tar.gz
          MD5 checksum: 8dc90a113eb8925795071fbe52b2932c
          SHA1 checksum: 9fe535fce89af967b29c4727dedd25f2b4cc2f0d
    
    The checksums were calculated using the following commands:

        openssl md5 openssl-0.9*.tar.gz
        openssl sha1 openssl-0.9*.tar.gz

    If this version upgrade is not an option at the present time,
    alternatively the following patch may be applied to the OpenSSL
    source code to resolve the problem.  The patch is compatible with
    the 0.9.6, 0.9.7, and 0.9.8 branches of OpenSSL.

        o http://www.openssl.org/news/patch-CAN-2005-2969.txt

    Whether you choose to upgrade to a new version or to apply the
    patch, make sure to recompile any applications statically linked
    to OpenSSL libraries if these applications use the OpenSSL
    SSL/TLS server implementation.    


Acknowledgement
---------------

The OpenSSL team thank Yutaka Oiwa of the Research Center for
Information Security, National Institute of Advanced Industrial
Science and Technology (AIST), Japan, for alerting us about this
problem.


References
----------

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969

URL for this Security Advisory:
http://www.openssl.org/news/secadv_20051011.txt
    

- 漏洞信息 (F40641)

Mandriva Linux Security Advisory 2005.179 (PacketStormID:F40641)
2005-10-12 00:00:00
Mandriva  mandriva.com
advisory
linux,mandriva
CVE-2005-2946,CVE-2005-2969
[点击下载]

Mandriva Linux Security Update Advisory - Yutaka Oiwa discovered vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           openssl
 Advisory ID:            MDKSA-2005:179
 Date:                   October 11th, 2005

 Affected versions:	 10.1, 10.2, 2006.0, Corporate 3.0,
			 Corporate Server 2.1,
			 Multi Network Firewall 2.0
 ______________________________________________________________________

 Problem Description:

 Yutaka Oiwa discovered vulnerability potentially affects applications 
 that use the SSL/TLS server implementation provided by OpenSSL.
 
 Such applications are affected if they use the option 
 SSL_OP_MSIE_SSLV2_RSA_PADDING.  This option is implied by use of
 SSL_OP_ALL, which is intended to work around various bugs in third-
 party software that might prevent interoperability.  The
 SSL_OP_MSIE_SSLV2_RSA_PADDING option disables a verification step in
 the SSL 2.0 server supposed to prevent active protocol-version rollback
 attacks.  With this verification step disabled, an attacker acting as
 a "man in the middle" can force a client and a server to negotiate the
 SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0.
 The SSL 2.0 protocol is known to have severe cryptographic weaknesses
 and is supported as a fallback only. (CAN-2005-2969)
 
 The current default algorithm for creating "message digests"
 (electronic signatures) for certificates created by openssl is MD5.
 However, this algorithm is not deemed secure any more, and some
 practical attacks have been demonstrated which could allow an attacker
 to forge certificates with a valid certification authority signature
 even if he does not know the secret CA signing key.
 
 To address this issue, openssl has been changed to use SHA-1 by
 default. This is a more appropriate default algorithm for the majority
 of use cases.  If you still want to use MD5 as default, you can revert
 this change by changing the two instances of "default_md = sha1" to
 "default_md = md5" in /usr/{lib,lib64}/ssl/openssl.cnf. (CAN-2005-2946)
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2946
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.1:
 2fa715275a4a918b15eb02e402b755bc  10.1/RPMS/libopenssl0.9.7-0.9.7d-1.3.101mdk.i586.rpm
 1912f9be0eccc4b2903616ac2c0d5103  10.1/RPMS/libopenssl0.9.7-devel-0.9.7d-1.3.101mdk.i586.rpm
 4d51641d38b5e0e8c6be5fcc211ffa3b  10.1/RPMS/libopenssl0.9.7-static-devel-0.9.7d-1.3.101mdk.i586.rpm
 6e40220d7461ad8e711aa2ee5a772b1f  10.1/RPMS/openssl-0.9.7d-1.3.101mdk.i586.rpm
 abb721aa2ccf15e555c4f84981366022  10.1/SRPMS/openssl-0.9.7d-1.3.101mdk.src.rpm

 Mandrivalinux 10.1/X86_64:
 5b820a306004c31fcac518aec78bfea3  x86_64/10.1/RPMS/lib64openssl0.9.7-0.9.7d-1.3.101mdk.x86_64.rpm
 4b506c7086fd330fde0fe724a5bd865c  x86_64/10.1/RPMS/lib64openssl0.9.7-devel-0.9.7d-1.3.101mdk.x86_64.rpm
 9fb820e394e6da5db74a60d7062a6c23  x86_64/10.1/RPMS/lib64openssl0.9.7-static-devel-0.9.7d-1.3.101mdk.x86_64.rpm
 f113ec9a24627d354eaa37db78784d31  x86_64/10.1/RPMS/openssl-0.9.7d-1.3.101mdk.x86_64.rpm
 abb721aa2ccf15e555c4f84981366022  x86_64/10.1/SRPMS/openssl-0.9.7d-1.3.101mdk.src.rpm

 Mandrivalinux 10.2:
 7448f1bd46305af8ca09c794828bc14d  10.2/RPMS/libopenssl0.9.7-0.9.7e-5.2.102mdk.i586.rpm
 dd17f238c7c4eeb93f330794d28fef20  10.2/RPMS/libopenssl0.9.7-devel-0.9.7e-5.2.102mdk.i586.rpm
 4d6b82c86b3b7430273e9f7804b448f3  10.2/RPMS/libopenssl0.9.7-static-devel-0.9.7e-5.2.102mdk.i586.rpm
 ec6b0d749ed3f7c8b2ee48cea5c104f5  10.2/RPMS/openssl-0.9.7e-5.2.102mdk.i586.rpm
 14554b0fff0abfe1da54b8f9c68c8a75  10.2/SRPMS/openssl-0.9.7e-5.2.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 a34fa268399bce8d59b185df255f1d19  x86_64/10.2/RPMS/lib64openssl0.9.7-0.9.7e-5.2.102mdk.x86_64.rpm
 3f403f1c36d53bb35174c04badbea2d9  x86_64/10.2/RPMS/lib64openssl0.9.7-devel-0.9.7e-5.2.102mdk.x86_64.rpm
 68d2a4a298fd37719343c4ade853e22d  x86_64/10.2/RPMS/lib64openssl0.9.7-static-devel-0.9.7e-5.2.102mdk.x86_64.rpm
 8b53d1949aa30ca813f27c5dd3bb1062  x86_64/10.2/RPMS/openssl-0.9.7e-5.2.102mdk.x86_64.rpm
 14554b0fff0abfe1da54b8f9c68c8a75  x86_64/10.2/SRPMS/openssl-0.9.7e-5.2.102mdk.src.rpm

 Mandrivalinux 2006.0:
 bc7f3ba61af3334757c65e1682eb0065  2006.0/RPMS/libopenssl0.9.7-0.9.7g-2.1.20060mdk.i586.rpm
 a15b20362dd7437ff974642af0756d79  2006.0/RPMS/libopenssl0.9.7-devel-0.9.7g-2.1.20060mdk.i586.rpm
 65bab77540badadc2152d7803d13c63f  2006.0/RPMS/libopenssl0.9.7-static-devel-0.9.7g-2.1.20060mdk.i586.rpm
 d06fa459cf871d890bf3a4ff22b85cd7  2006.0/RPMS/openssl-0.9.7g-2.1.20060mdk.i586.rpm
 fc0ed1a9eab0dfdb3f35c3cdb46004e8  2006.0/SRPMS/openssl-0.9.7g-2.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 3b54d300cf1b6889d764e36660d3542d  x86_64/2006.0/RPMS/lib64openssl0.9.7-0.9.7g-2.1.20060mdk.x86_64.rpm
 aa8e520156a9d878ed43179dfcc5210f  x86_64/2006.0/RPMS/lib64openssl0.9.7-devel-0.9.7g-2.1.20060mdk.x86_64.rpm
 8bece33914331ad81e9e88dfef1b4319  x86_64/2006.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7g-2.1.20060mdk.x86_64.rpm
 4a654cfa16e31f450493e59de0cb372c  x86_64/2006.0/RPMS/openssl-0.9.7g-2.1.20060mdk.x86_64.rpm
 fc0ed1a9eab0dfdb3f35c3cdb46004e8  x86_64/2006.0/SRPMS/openssl-0.9.7g-2.1.20060mdk.src.rpm

 Multi Network Firewall 2.0:
 60451a13eb787c55a9463322b6bdb419  mnf/2.0/RPMS/libopenssl0.9.7-0.9.7c-3.3.M20mdk.i586.rpm
 3a5dae5ff129437461180df9a8dd5b0b  mnf/2.0/RPMS/openssl-0.9.7c-3.3.M20mdk.i586.rpm
 c89dcc035040ed512ab2823b978b5205  mnf/2.0/SRPMS/openssl-0.9.7c-3.3.M20mdk.src.rpm

 Corporate Server 2.1:
 7ce23e8906c2001f93afdbdb544a5659  corporate/2.1/RPMS/libopenssl0-0.9.6i-1.10.C21mdk.i586.rpm
 26e569e8dd0598bd5f55d1a954989e7b  corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.10.C21mdk.i586.rpm
 c54a45b3cf589095382c1399f0435353  corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.10.C21mdk.i586.rpm
 bc5ff8f4e044678c40b5bae08b263216  corporate/2.1/RPMS/openssl-0.9.6i-1.10.C21mdk.i586.rpm
 6fa6d2e82bffdf044663ccd40b14bba3  corporate/2.1/SRPMS/openssl-0.9.6i-1.10.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 4b85f119fb4908f785ee5e4cd6f81312  x86_64/corporate/2.1/RPMS/libopenssl0-0.9.6i-1.10.C21mdk.x86_64.rpm
 d366f2f72a511fbb4887de0d17303339  x86_64/corporate/2.1/RPMS/libopenssl0-devel-0.9.6i-1.10.C21mdk.x86_64.rpm
 b3a4d7295c802dc5a486022bffe8f8aa  x86_64/corporate/2.1/RPMS/libopenssl0-static-devel-0.9.6i-1.10.C21mdk.x86_64.rpm
 cd0e605ae88e746d8124f550ff26c723  x86_64/corporate/2.1/RPMS/openssl-0.9.6i-1.10.C21mdk.x86_64.rpm
 6fa6d2e82bffdf044663ccd40b14bba3  x86_64/corporate/2.1/SRPMS/openssl-0.9.6i-1.10.C21mdk.src.rpm

 Corporate 3.0:
 e77b2aeadf368cac390fda472f96f76d  corporate/3.0/RPMS/libopenssl0.9.7-0.9.7c-3.3.C30mdk.i586.rpm
 e3e077097643c9247b0e866c0ea08c9d  corporate/3.0/RPMS/libopenssl0.9.7-devel-0.9.7c-3.3.C30mdk.i586.rpm
 eb61ee6a8464a43e951102fa5a9df4b0  corporate/3.0/RPMS/libopenssl0.9.7-static-devel-0.9.7c-3.3.C30mdk.i586.rpm
 fa6ce3b5dc685d567040061676d047ba  corporate/3.0/RPMS/openssl-0.9.7c-3.3.C30mdk.i586.rpm
 502e04472212778c866211c6179f4127  corporate/3.0/SRPMS/openssl-0.9.7c-3.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 bdc1b94ef64f4c0c02948d8ec08184b1  x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-0.9.7c-3.3.C30mdk.x86_64.rpm
 f2b65309719e499eb1a9d9f857c51921  x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-devel-0.9.7c-3.3.C30mdk.x86_64.rpm
 48e9d2cd78e4a44a4bd61542a47f2d5b  x86_64/corporate/3.0/RPMS/lib64openssl0.9.7-static-devel-0.9.7c-3.3.C30mdk.x86_64.rpm
 3aef366b6921b180f304ae1a8c10ba78  x86_64/corporate/3.0/RPMS/openssl-0.9.7c-3.3.C30mdk.x86_64.rpm
 502e04472212778c866211c6179f4127  x86_64/corporate/3.0/SRPMS/openssl-0.9.7c-3.3.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTKeomqjQ0CJFipgRAu3NAKDlk6fzLxUqtjUzDcV7IkgF/vKLdQCgwCki
DUI4033wSRXeFbCegR++iRo=
=7gQt
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息

19919
OpenSSL SSL_OP_ALL SSL 2.0 Verification Weakness
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-10-11 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

JP1/HiCommand Series Products OpenSSL Insecure Protocol Negotiation Weakness
Design Error 24799
Yes No
2007-07-06 12:00:00 2008-08-25 11:15:00
The vendor reported this issue.

- 受影响的程序版本

RedHat Red Hat Network Satellite (for RHEL 4) 5.1
Red Hat Red Hat Network Satellite Server 4.2
Hitachi JP1/HiCommand Tiered Storage Manager 05-50
Hitachi JP1/HiCommand Tiered Storage Manager 05-30
Hitachi JP1/HiCommand Tiered Storage Manager 04-00
Hitachi JP1/HiCommand Replication Monitor 04-00
Hitachi JP1/HiCommand GlobalLink Availability Manager 05-00
Hitachi JP1/HiCommand Device Manager (Linux) 05.10
Hitachi JP1/Hi Command Tiered Storage Manager (Solaris) 4.3
Hitachi JP1/Hi Command Device Manager 05.50
Hitachi JP1/Hi Command Device Manager 02.30

- 漏洞讨论

JP1/HiCommand Series Products are prone to a remote protocol-negotiation weakness due to a design error.

Successful exploits may allow an attacker connecting to the affected server to replace the SSL 3 or TLS 1 protocol with the SSL 2 protocol. This may allow the attacker to exploit insecurities in SSL version 2 to gain access to or tamper with the clear-text communications between the targeted client and server.

NOTE: This issue may be related to BID 15071 (OpenSSL Insecure Protocol Negotiation Weakness).

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

The vendor has released fixes to address this issue. Please see the references for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站