Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2005-2969

Disclosure Date: October 18, 2005
CVE-2005-2969
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2005-2969 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969)
BID-15071 (http://www.securityfocus.com/bid/15071)
BID-24799 (http://www.securityfocus.com/bid/24799)
BID-15647 (http://www.securityfocus.com/bid/15647)
Advisory
SECUNIA-17259 (http://secunia.com/advisories/17259)
SECUNIA-23915 (http://secunia.com/advisories/23915)
http://www.novell.com/linux/security/advisories/2005_61_openssl.html
SECUNIA-26893 (http://secunia.com/advisories/26893)
SECUNIA-17389 (http://secunia.com/advisories/17389)
ADV-2005-3056 (http://www.vupen.com/english/advisories/2005/3056)
ADV-2007-2457 (http://www.vupen.com/english/advisories/2007/2457)
http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm
SECUNIA-17813 (http://secunia.com/advisories/17813)
SECUNIA-18165 (http://secunia.com/advisories/18165)
SECUNIA-23340 (http://secunia.com/advisories/23340)
SECUNIA-18123 (http://secunia.com/advisories/18123)
DSA-881 (http://www.debian.org/security/2005/dsa-881)
http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html
ADV-2005-2659 (http://www.vupen.com/english/advisories/2005/2659)
DSA-882 (http://www.debian.org/security/2005/dsa-882)
20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback (http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml)
SECUNIA-17153 (http://secunia.com/advisories/17153)
SSRT071299 (http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540)
SECUNIA-17191 (http://secunia.com/advisories/17191)
ADV-2005-2908 (http://www.vupen.com/english/advisories/2005/2908)
SECTRACK-1015032 (http://securitytracker.com/id?1015032)
https://issues.rpath.com/browse/RPL-1633
SECUNIA-17344 (http://secunia.com/advisories/17344)
SECUNIA-19185 (http://secunia.com/advisories/19185)
ADV-2005-2036 (http://www.vupen.com/english/advisories/2005/2036)
SECUNIA-17589 (http://secunia.com/advisories/17589)
ADV-2005-2710 (http://www.vupen.com/english/advisories/2005/2710)
ADV-2005-3002 (http://www.vupen.com/english/advisories/2005/3002)
SECUNIA-31492 (http://secunia.com/advisories/31492)
SECUNIA-17466 (http://secunia.com/advisories/17466)
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SECUNIA-17146 (http://secunia.com/advisories/17146)
SECUNIA-17169 (http://secunia.com/advisories/17169)
XF-hitachi-hicommand-security-bypass(35287) (https://exchange.xforce.ibmcloud.com/vulnerabilities/35287)
ADV-2007-0343 (http://www.vupen.com/english/advisories/2007/0343)
http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm
SECUNIA-23280 (http://secunia.com/advisories/23280)
APPLE-SA-2005-11-29 (http://docs.info.apple.com/article.html?artnum=302847)
SECUNIA-23843 (http://secunia.com/advisories/23843)
SECUNIA-17189 (http://secunia.com/advisories/17189)
SECUNIA-21827 (http://secunia.com/advisories/21827)
SECUNIA-17288 (http://secunia.com/advisories/17288)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:179
SECUNIA-17632 (http://secunia.com/advisories/17632)
ADV-2007-0326 (http://www.vupen.com/english/advisories/2007/0326)
SECUNIA-17409 (http://secunia.com/advisories/17409)
SECUNIA-25973 (http://secunia.com/advisories/25973)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454
SECUNIA-17888 (http://secunia.com/advisories/17888)
SECUNIA-17210 (http://secunia.com/advisories/17210)
DSA-875 (http://www.debian.org/security/2005/dsa-875)
ADV-2006-3531 (http://www.vupen.com/english/advisories/2006/3531)
http://www.openssl.org/news/secadv_20051011.txt
SECUNIA-17178 (http://secunia.com/advisories/17178)
HPSBUX02174 (http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100)
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
SECUNIA-17432 (http://secunia.com/advisories/17432)
SECUNIA-17180 (http://secunia.com/advisories/17180)
SUNALERT-101974 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1)
SECUNIA-17335 (http://secunia.com/advisories/17335)
http://www.redhat.com/support/errata/RHSA-2005-762.html
http://www.redhat.com/support/errata/RHSA-2005-800.html
SECUNIA-17151 (http://secunia.com/advisories/17151)
SECUNIA-18663 (http://secunia.com/advisories/18663)
SECUNIA-17617 (http://secunia.com/advisories/17617)
SECUNIA-18045 (http://secunia.com/advisories/18045)
Miscellaneous
http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
TSLSA-2005-0059 (http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html)
http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis