Vulnerabilità: CVE-2005-2969

L’implementazione del server SSL / TLS in OpenSSL 0.9.7 prima 0.9.7h e 0.9.8 prima 0.9.8a, quando si utilizza l’opzione SSL_OP_MSIE_SSLV2_RSA_PADDING, disabilita una fase di verifica che è necessario per prevenire la versione del protocollo attacchi di rollback, che permette ad aggressori remoti di forza un client e un server di utilizzare un protocollo più debole di quello necessario tramite un attacco man-in-the-middle.


http://docs.info.apple.com/article.html?artnum=302847
http://www.securityfocus.com/bid/15071
http://www.securityfocus.com/bid/15647
http://www.securityfocus.com/bid/24799
http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml
http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html
http://www.openssl.org/news/secadv_20051011.txt
https://issues.rpath.com/browse/RPL-1633
http://www.debian.org/security/2005/dsa-875
http://www.debian.org/security/2005/dsa-881
http://www.debian.org/security/2005/dsa-882
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100
http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540
http://www.mandriva.com/security/advisories?name=MDKSA-2005:179
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454
http://www.redhat.com/support/errata/RHSA-2005-762.html
http://www.redhat.com/support/errata/RHSA-2005-800.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://securitytracker.com/id?1015032
http://secunia.com/advisories/17146
http://secunia.com/advisories/17151
http://secunia.com/advisories/17153
http://secunia.com/advisories/17169
http://secunia.com/advisories/17178
http://secunia.com/advisories/17180
http://secunia.com/advisories/17189
http://secunia.com/advisories/17191
http://secunia.com/advisories/17210
http://secunia.com/advisories/17259
http://secunia.com/advisories/17288
http://secunia.com/advisories/17335
http://secunia.com/advisories/17344
http://secunia.com/advisories/17389
http://secunia.com/advisories/17409
http://secunia.com/advisories/17432
http://secunia.com/advisories/17466
http://secunia.com/advisories/17589
http://secunia.com/advisories/17617
http://secunia.com/advisories/17632
http://secunia.com/advisories/17813
http://secunia.com/advisories/17888
http://secunia.com/advisories/18045
http://secunia.com/advisories/18123
http://secunia.com/advisories/18165
http://secunia.com/advisories/18663
http://secunia.com/advisories/19185
http://secunia.com/advisories/21827
http://secunia.com/advisories/23280
http://secunia.com/advisories/23340
http://secunia.com/advisories/23843
http://secunia.com/advisories/23915
http://secunia.com/advisories/25973
http://secunia.com/advisories/26893
http://secunia.com/advisories/31492
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1
http://www.novell.com/linux/security/advisories/2005_61_openssl.html
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html
http://www.vupen.com/english/advisories/2005/2036
http://www.vupen.com/english/advisories/2005/2659
http://www.vupen.com/english/advisories/2005/2710
http://www.vupen.com/english/advisories/2005/2908
http://www.vupen.com/english/advisories/2005/3002
http://www.vupen.com/english/advisories/2005/3056
http://www.vupen.com/english/advisories/2006/3531
http://www.vupen.com/english/advisories/2007/0326
http://www.vupen.com/english/advisories/2007/0343
http://www.vupen.com/english/advisories/2007/2457
https://exchange.xforce.ibmcloud.com/vulnerabilities/35287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969


E' possibile lasciare un commento come utenti registrati al sito, accedendo tramite social, account wordpress oppure come utenti anonimi. Nel caso in cui si desideri lasciare un commento come utenti anonimi si verrà avvisati via email di un'eventuale risposta solo se si inserisce l'indirizzo email (facoltativo). L'inserimento di qualsiasi dato nei campi dei commenti è totalmente facoltativo. Chiunque decida di inserire un qualsiasi dato accetta il trattamento di questi ultimi per i fini inerenti al servizio ovvero la risposta al commento e le comunicazioni strettamente necessarie.


Rispondi