CVE-2005-2969

Description

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

CVSS 2.0 score: 5.0 (Severity: Medium)
EPSS: 8.92% (Top 10%)
Affected: n/a n/a

References

Link Tags
http://secunia.com/advisories/17259 third party advisory
http://secunia.com/advisories/23915 third party advisory
http://www.novell.com/linux/security/advisories/2005_61_openssl.html vendor advisory
http://secunia.com/advisories/26893 third party advisory
http://secunia.com/advisories/17389 third party advisory
http://www.vupen.com/english/advisories/2005/3056 vdb entry
http://www.vupen.com/english/advisories/2007/2457 vdb entry
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://secunia.com/advisories/17813 third party advisory
http://www.securityfocus.com/bid/15071 vdb entry
http://secunia.com/advisories/18165 third party advisory
http://secunia.com/advisories/23340 third party advisory
http://secunia.com/advisories/18123 third party advisory
http://www.debian.org/security/2005/dsa-881 vendor advisory
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html
http://www.vupen.com/english/advisories/2005/2659 vdb entry
http://www.securityfocus.com/bid/24799 vdb entry
http://www.debian.org/security/2005/dsa-882 vendor advisory
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml vendor advisory
http://secunia.com/advisories/17153 third party advisory
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 vendor advisory
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html vendor advisory
http://secunia.com/advisories/17191 third party advisory
http://www.vupen.com/english/advisories/2005/2908 vdb entry
http://securitytracker.com/id?1015032 vdb entry
https://issues.rpath.com/browse/RPL-1633
http://secunia.com/advisories/17344 third party advisory
http://secunia.com/advisories/19185 third party advisory
http://www.vupen.com/english/advisories/2005/2036 vdb entry
http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt
http://secunia.com/advisories/17589 third party advisory
http://www.vupen.com/english/advisories/2005/2710 vdb entry
http://www.vupen.com/english/advisories/2005/3002 vdb entry
http://secunia.com/advisories/31492 third party advisory
http://secunia.com/advisories/17466 third party advisory
http://www.redhat.com/support/errata/RHSA-2008-0629.html vendor advisory
http://secunia.com/advisories/17146 third party advisory
http://secunia.com/advisories/17169 third party advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/35287 vdb entry
http://www.vupen.com/english/advisories/2007/0343 vdb entry
http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
http://secunia.com/advisories/23280 third party advisory
http://docs.info.apple.com/article.html?artnum=302847 vendor advisory
http://secunia.com/advisories/23843 third party advisory
http://secunia.com/advisories/17189 third party advisory
http://secunia.com/advisories/21827 third party advisory
http://secunia.com/advisories/17288 third party advisory
ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf
http://www.mandriva.com/security/advisories?name=MDKSA-2005:179 vendor advisory
http://secunia.com/advisories/17632 third party advisory
http://www.vupen.com/english/advisories/2007/0326 vdb entry
http://secunia.com/advisories/17409 third party advisory
http://secunia.com/advisories/25973 third party advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454 vdb entry signature
http://secunia.com/advisories/17888 third party advisory
http://secunia.com/advisories/17210 third party advisory
http://www.debian.org/security/2005/dsa-875 vendor advisory
http://www.vupen.com/english/advisories/2006/3531 vdb entry
http://www.openssl.org/news/secadv_20051011.txt patch vendor advisory
http://secunia.com/advisories/17178 third party advisory
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 vendor advisory
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
http://secunia.com/advisories/17432 third party advisory
http://secunia.com/advisories/17180 third party advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1 vendor advisory
http://www.securityfocus.com/bid/15647 vdb entry
http://secunia.com/advisories/17335 third party advisory
http://www.redhat.com/support/errata/RHSA-2005-762.html vendor advisory
http://www.redhat.com/support/errata/RHSA-2005-800.html vendor advisory
http://secunia.com/advisories/17151 third party advisory
http://secunia.com/advisories/18663 third party advisory
http://secunia.com/advisories/17617 third party advisory
http://secunia.com/advisories/18045 third party advisory

Frequently Asked Questions

What is the severity of CVE-2005-2969?
CVE-2005-2969 has been scored as a medium severity vulnerability.
How to fix CVE-2005-2969?
To fix CVE-2005-2969, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, no other specific guidelines are available.
Is CVE-2005-2969 being actively exploited in the wild?
Based on public information, it is possible that CVE-2005-2969 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~9% probability that this vulnerability will be exploited by malicious actors in the next 30 days.