JVNDB-2005-000601

OpenSSL version rollback vulnerability

Overview

OpenSSL from the OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker on the communication path can force the client and the server to negotiate the SSL 2.0 protocol even if both parties request the TLS 1.0 protocol.

RFC 2246, which defines the TLS protocol, specifies that SSL 2.0 should not be used when TLS 1.0 is available, in order to avoid version rollback attacks.

CVSS Severity

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

OpenSSL Project
  • OpenSSL 0.9.8 and earlier
Sun Microsystems, Inc.
  • Sun Solaris 10 (sparc)
  • Sun Solaris 10 (x86)
Turbolinux, Inc.
  • Turbolinux Appliance Server 1.0 (hosting)
  • Turbolinux Appliance Server 1.0 (workgroup)
  • Turbolinux Appliance Server 2.0
  • Turbolinux FUJI
  • Turbolinux Multimedia
  • Turbolinux Personal
  • Turbolinux Server 10
  • Turbolinux Server 10 (x64)
  • Turbolinux Server 11
  • Turbolinux Server 11 (x64)
  • Turbolinux Server 8
  • wizpy
Trend Micro, Inc.
  • InterScan Messaging Security Suite for Linux 5.11
  • InterScan Messaging Security Suite for Solaris 5.11
  • TrendMicro InterScan VirusWall 3.81 and earlier
  • TrendMicro InterScan Web Security Suite for Linux 1.02
  • TrendMicro InterScan Web Security Suite for Solaris 1.1
  • TrendMicro InterScan Web Security Suite for Windows 1.01
Hewlett-Packard Development Company, L.P
  • HP-UX 11.00
  • HP-UX 11.11
  • HP-UX 11.23
MIRACLE LINUX CORPORATION
  • Asianux Server 2.0 Standard Edition
  • Asianux Server 2.1 Standard Edition
  • Asianux Server 3.0
  • Asianux Server 3.0 (x86-64)
  • Asianux Server 4.0
  • Asianux Server 4.0 (x86-64)
Red Hat, Inc.
  • Red Hat Enterprise Linux 2.1 (as)
  • Red Hat Enterprise Linux 3 (as)
  • Red Hat Enterprise Linux 4 (as)
  • Red Hat Enterprise Linux 2.1 (es)
  • Red Hat Enterprise Linux 3 (es)
  • Red Hat Enterprise Linux 4 (es)
  • Red Hat Enterprise Linux 2.1 (ws)
  • Red Hat Enterprise Linux 3 (ws)
  • Red Hat Enterprise Linux 4 (ws)
  • Red Hat Linux Advanced Workstation 2.1
Hitachi, Ltd
  • Cosminexus Application Server Enterprise Version 6
  • Cosminexus Application Server Standard Version 6
  • Cosminexus Application Server Version 5
  • Cosminexus Developer Light Version 6
  • Cosminexus Developer Professional Version 6
  • Cosminexus Developer Standard Version 6
  • Cosminexus Developer Version 5
  • Cosminexus Server - Enterprise Edition
  • Cosminexus Server - Standard Edition
  • Cosminexus Server - Standard Edition Version 4
  • Cosminexus Server - Web Edition
  • Cosminexus Server - Web Edition Version 4
  • Hitachi Web Server
  • Hitachi Web Server - Custom Edition
  • Hitachi Web Server - Security Enhancement
  • Hitachi Web Server for VOS3
  • uCosminexus Application Server Enterprise
  • uCosminexus Application Server Smart Edition
  • uCosminexus Application Server Standard
  • uCosminexus Developer Professional
  • uCosminexus Developer Light
  • uCosminexus Developer Standard
  • uCosminexus Service Architect
  • uCosminexus Service Platform
FUJITSU
  • IPCOM Series
  • FMSE-C301

Please refer to HS06-022 provided by Hitachi for more details.

Impact

When communication using OpenSSL passes through a path controlled by an attacker, the attacker conducting a man-in-the-middle (MITM) attack can force a client and a server to negotiate the SSL 2.0 protocol, even if both parties support SSL 3.0 or TLS 1.0, in order to intercept or alter data.

Solution

Vendor Information

OpenSSL Project
Sun Microsystems, Inc.
  • Sun Alert Notification : 101974
Century Systems Co., Ltd.
Turbolinux, Inc.
Trend Micro, Inc.
Hewlett-Packard Development Company, L.P
MIRACLE LINUX CORPORATION
Red Hat, Inc.
Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS06-022
FUJITSU
  • FUJITSU Security Information : 20061024 (in Japanese)
  • FUJITSU Security Information : JVN#23632449 (in Japanese)

CWE

CVE

  1. CVE-2005-2969

References

  1. JVN : JVN#23632449
  2. National Vulnerability Database (NVD) : CVE-2005-2969
  3. Secunia Advisory : SA17151
  4. SecurityFocus : 15071
  5. SecuriTeam : 6Y00D0AEBW
  6. FrSIRT Advisories : FrSIRT/ADV-2005-2036

Revision History

  • [2008/05/21]
      Web page published
  • [2014/05/22]
      Affected Products : Products were added
      Vendor Information : Content was added