CVE-2005-2969

Source
https://nvd.nist.gov/vuln/detail/CVE-2005-2969
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2005-2969.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2005-2969
Related
Published
2005-10-18T21:02:00Z
Modified
2024-06-30T12:01:22Z
Summary
[none]
Details

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

References

Affected packages

Debian:11 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.8-3

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.8-3

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / openssl

Package

Name
openssl
Purl
pkg:deb/debian/openssl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.9.8-3

Ecosystem specific

{
    "urgency": "low"
}