
JVNDB-2005-000601

OpenSSL version rollback vulnerability

Overview

OpenSSL from the OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker on the communication path can force the client and the server to negotiate the SSL 2.0 protocol even if both parties request the TLS 1.0 protocol.

RFC 2246, which defines the TLS protocol, specifies that when TLS 1.0 is available, SSL 2.0 should not be used, in order to avoid version rollback attacks.

CVSS Severity

Base Metrics: 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


OpenSSL Project
  • OpenSSL 0.9.8 and earlier
Sun Microsystems, Inc.
  • Sun Solaris 10 (SPARC)
  • Sun Solaris 10 (x86)
Turbolinux, Inc.
  • Turbolinux 10 Server
  • Turbolinux 10 Server x64 Edition
  • Turbolinux 11 Server
  • Turbolinux 11 Server x64 Edition
  • Turbolinux 8 Server
  • Turbolinux Appliance Server 1.0 Hosting Edition
  • Turbolinux Appliance Server 1.0 Workgroup Edition
  • Turbolinux Appliance Server 2.0
  • Turbolinux FUJI
  • Turbolinux Multimedia
  • Turbolinux Personal
  • wizpy
Trend Micro, Inc.
  • TrendMicro InterScan Messaging Security Suite for Linux 5.11
  • TrendMicro InterScan Messaging Security Suite for Solaris 5.11
  • TrendMicro InterScan VirusWall 3.81 and earlier
  • TrendMicro InterScan Web Security Suite for Linux 1.02
  • TrendMicro InterScan Web Security Suite for Solaris 1.1
  • TrendMicro InterScan Web Security Suite for Windows 1.01
Hewlett-Packard Development Company, L.P
  • HP-UX 11.00
  • HP-UX 11.11
  • HP-UX 11.23
MIRACLE LINUX CORPORATION
  • MIRACLE LINUX V2.0 Standard Edition
  • MIRACLE LINUX V2.1 Standard Edition
  • MIRACLE LINUX V3.0
  • MIRACLE LINUX V3.0 for x86-64
  • MIRACLE LINUX V4.0
  • MIRACLE LINUX V4.0 for x86-64
Red Hat, Inc.
  • Red Hat Enterprise Linux AS (v.2.1)
  • Red Hat Enterprise Linux AS (v.3)
  • Red Hat Enterprise Linux AS (v.4)
  • Red Hat Enterprise Linux ES (v.2.1)
  • Red Hat Enterprise Linux ES (v.3)
  • Red Hat Enterprise Linux ES (v.4)
  • Red Hat Enterprise Linux WS (v.2.1)
  • Red Hat Enterprise Linux WS (v.3)
  • Red Hat Enterprise Linux WS (v.4)
  • Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
FUJITSU
  • IPCOM Series
  • FMSE-C301

Impact

When communication using OpenSSL passes through a path controlled by an attacker, the attacker, conducting a man-in-the-middle (MITM) attack, can force a client and a server to negotiate the SSL 2.0 protocol even if both parties support SSL 3.0 or TLS 1.0, and can then intercept or alter data.

Solution

Vendor Information

OpenSSL Project
Sun Microsystems, Inc.
  • Sun Alert Notification : 101974
Century Systems Co., Ltd.
Turbolinux, Inc.
Trend Micro, Inc.
Hewlett-Packard Development Company, L.P
MIRACLE LINUX CORPORATION
Red Hat, Inc.
FUJITSU
  • FUJITSU Security Information : 20061024 (Japanese)
  • FUJITSU Security Information : JVN#23632449 (Japanese)

CWE

CVE

  1. CVE-2005-2969

References

  1. JVN : JVN#23632449
  2. National Vulnerability Database (NVD) : CVE-2005-2969
  3. Secunia Advisory : SA17151
  4. SecurityFocus : 15071
  5. SecuriTeam : 6Y00D0AEBW
  6. FrSIRT Advisories : FrSIRT/ADV-2005-2036

Revision History

[2008/05/21]
  Web page published