ID OPENVAS:1361412562310862152 Type openvas Reporter Copyright (c) 2010 Greenbone Networks GmbH Modified 2018-01-22T00:00:00
Description
Check for the Version of openssl
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for openssl FEDORA-2010-9639
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
# Human-readable report fields. They are attached to the VT further down via
# script_tag() and carry no detection logic themselves.
# Scope of the advisory: the openssl package on Fedora 12 only.
tag_affected = "openssl on Fedora 12";
# Generic package description. It does not describe the flaws being fixed;
# those are identified only by the ids passed to script_cve_id().
tag_insight = "The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
protocols.";
# Remediation text shown to the operator. It names no target version; the
# fixed build appears only in the isrpmvuln() call at the end of the script.
tag_solution = "Please Install the Updated Packages.";
# Description phase: when `description` is set, the script only registers its
# metadata and exits, so none of the package checks below run.
if (description)
{
  # Advisory reference and the identity of this VT.
  script_xref(name:"URL", value:"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042919.html");
  script_oid("1.3.6.1.4.1.25623.1.0.862152");
  script_version("$Revision: 8485 $");
  script_tag(name:"last_modification", value:"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $");
  script_tag(name:"creation_date", value:"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)");

  # A single CVSS v2 score and vector is registered for the whole advisory,
  # although four CVE ids are attached to it below.
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_xref(name:"FEDORA", value:"2010-9639");
  script_cve_id("CVE-2010-0742", "CVE-2010-1633", "CVE-2009-4355", "CVE-2009-3555");
  script_name("Fedora Update for openssl FEDORA-2010-9639");

  script_tag(name:"summary", value:"Check for the Version of openssl");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2010 Greenbone Networks GmbH");
  script_family("Fedora Local Security Checks");

  # Prerequisites: gather-package-list.nasl is declared as a dependency and
  # the two ssh/login/* keys are mandatory. Presumably that script fills them
  # from an authenticated SSH session - confirm against gather-package-list.nasl.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms");

  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);

  # qod_type "package": the finding is derived from the installed package
  # version, not from probing a running service.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}
include("pkg-lib-rpm.inc");
# Release identifier read from the knowledge base; it is written by an
# earlier VT that is not part of this script.
release = get_kb_item("ssh/login/release");
res = "";

# No release recorded: there is nothing to compare against, so the script
# ends without reporting a result.
if (release == NULL)
{
  exit(0);
}

# Only Fedora 12 is covered; any other release value falls through to the
# end of the script without a result.
if (release == "FC12")
{
  # isrpmvuln() is provided by pkg-lib-rpm.inc (not shown here). Presumably it
  # returns a report text when the installed openssl RPM is older than
  # 1.0.0a-1.fc12 and NULL otherwise - confirm against the library.
  # NOTE(review): this is a verdict on the installed package only; processes
  # started before an update keep using the old library until restarted.
  res = isrpmvuln(pkg:"openssl", rpm:"openssl~1.0.0a~1.fc12", rls:"FC12");
  if (res != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  # __pkg_match is never assigned in this script; presumably isrpmvuln() sets
  # it when the package was found installed - confirm in pkg-lib-rpm.inc.
  if (__pkg_match)
    exit(99); # Not vulnerable.

  exit(0);
}
{"id": "OPENVAS:1361412562310862152", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for openssl FEDORA-2010-9639", "description": "Check for the Version of openssl", "published": "2010-06-18T00:00:00", "modified": "2018-01-22T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862152", "reporter": "Copyright (c) 2010 Greenbone Networks GmbH", "references": ["2010-9639", "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042919.html"], "cvelist": ["CVE-2009-4355", "CVE-2010-0742", "CVE-2009-3555", "CVE-2010-1633"], "lastseen": "2018-01-22T13:05:53", "viewCount": 1, "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2018-01-22T13:05:53", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1633", "CVE-2009-3555", "CVE-2010-0742", "CVE-2009-4355"]}, {"type": "fedora", "idList": ["FEDORA:C8F7F110906", "FEDORA:776A61D72B0", "FEDORA:5429A1108EB", "FEDORA:8385C29043", "FEDORA:4C502110FE5", "FEDORA:EABE2110DCF", "FEDORA:58E1828ED7E", "FEDORA:7EA761108D8", "FEDORA:564D5110A27"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310862566", "OPENVAS:862566", "OPENVAS:862158", "OPENVAS:862152", "OPENVAS:1361412562310862737", "OPENVAS:1361412562310862158", "OPENVAS:862737", "OPENVAS:862568", "OPENVAS:862920", "OPENVAS:1361412562310862568"]}, {"type": "f5", "idList": ["SOL17248", "SOL15405", "F5:K10737", "F5:K93959105", "F5:K17248", "SOL10737"]}, {"type": "nessus", "idList": ["OPENSSL_1_0_0A.NASL", "FEDORA_2010-9639.NASL", "SUSE_11_1_OPENSSL-CVE-2009-4355_PATCH-100120.NASL", "SUSE_11_0_OPENSSL-CVE-2009-4355_PATCH-100115.NASL", "FEDORA_2010-9421.NASL", "OPENSSL_0_9_8M.NASL", "FEDORA_2010-9574.NASL", "SUSE_11_2_OPENSSL-CVE-2009-4355_PATCH-100115.NASL", "F5_BIGIP_SOL17248.NASL", "FEDORA_2010-5357.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2009-4355", 
"OPENSSL:CVE-2010-1633", "OPENSSL:CVE-2009-3555", "OPENSSL:CVE-2010-0742"]}, {"type": "seebug", "idList": ["SSV:19735", "SSV:18637", "SSV:19727", "SSV:19736"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:23048", "SECURITYVULNS:VULN:10519"]}, {"type": "ubuntu", "idList": ["USN-990-2", "USN-884-1"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1970-1:9C793"]}, {"type": "gentoo", "idList": ["GLSA-201110-01"]}, {"type": "centos", "idList": ["CESA-2010:0164"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0164"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:84112"]}, {"type": "cisco", "idList": ["CISCO-SA-20091105-CVE-2009-3555"]}], "modified": "2018-01-22T13:05:53", "rev": 2}, "vulnersScore": 6.3}, "pluginID": "1361412562310862152", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-9639\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 12\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. 
OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042919.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862152\");\n script_version(\"$Revision: 8485 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 08:57:57 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9639\");\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-1633\", \"CVE-2009-4355\", \"CVE-2009-3555\");\n script_name(\"Fedora Update for openssl FEDORA-2010-9639\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n 
exit(0);\n}", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:31:24", "description": "Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.", "edition": 5, "cvss3": {}, "published": "2010-01-14T19:30:00", "title": "CVE-2009-4355", "type": "cve", "cwe": ["CWE-399"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4355"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", "cpe:/a:redhat:openssl:0.9.7a-2", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:0.9.3a", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:redhat:openssl:0.9.6b-3", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.3", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:0.9.6h", 
"cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.6l", "cpe:/a:redhat:openssl:0.9.6-15"], "id": "CVE-2009-4355", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4355", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openssl:0.9.7a-2:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:redhat:openssl:0.9.6-15:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:redhat:openssl:0.9.6b-3:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:36", "description": "The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.", "edition": 5, "cvss3": {}, "published": "2010-06-03T14:30:00", "title": "CVE-2010-0742", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-0742"], "modified": "2017-09-19T01:30:00", "cpe": ["cpe:/a:openssl:openssl:0.9.8m", "cpe:/a:openssl:openssl:0.9.8n", "cpe:/a:openssl:openssl:0.9.6e", "cpe:/a:openssl:openssl:0.9.8b", "cpe:/a:openssl:openssl:0.9.8h", 
"cpe:/a:openssl:openssl:0.9.8k", "cpe:/a:openssl:openssl:0.9.3a", "cpe:/a:openssl:openssl:0.9.8j", "cpe:/a:openssl:openssl:0.9.8a", "cpe:/a:openssl:openssl:0.9.7c", "cpe:/a:openssl:openssl:0.9.7j", "cpe:/a:openssl:openssl:0.9.6", "cpe:/a:openssl:openssl:0.9.7g", "cpe:/a:openssl:openssl:0.9.6j", "cpe:/a:openssl:openssl:0.9.7a", "cpe:/a:openssl:openssl:0.9.3", "cpe:/a:openssl:openssl:0.9.7m", "cpe:/a:openssl:openssl:0.9.1c", "cpe:/a:openssl:openssl:0.9.7h", "cpe:/a:openssl:openssl:0.9.7", "cpe:/a:openssl:openssl:0.9.6k", "cpe:/a:openssl:openssl:0.9.5a", "cpe:/a:openssl:openssl:0.9.6a", "cpe:/a:openssl:openssl:0.9.7d", "cpe:/a:openssl:openssl:0.9.6h", "cpe:/a:openssl:openssl:0.9.8f", "cpe:/a:openssl:openssl:0.9.8", "cpe:/a:openssl:openssl:1.0.0", "cpe:/a:openssl:openssl:0.9.5", "cpe:/a:openssl:openssl:0.9.4", "cpe:/a:openssl:openssl:0.9.8i", "cpe:/a:openssl:openssl:0.9.7f", "cpe:/a:openssl:openssl:0.9.8c", "cpe:/a:openssl:openssl:0.9.7b", "cpe:/a:openssl:openssl:0.9.6c", "cpe:/a:openssl:openssl:0.9.7l", "cpe:/a:openssl:openssl:0.9.6i", "cpe:/a:openssl:openssl:0.9.6d", "cpe:/a:openssl:openssl:0.9.7i", "cpe:/a:openssl:openssl:0.9.8d", "cpe:/a:openssl:openssl:0.9.7k", "cpe:/a:openssl:openssl:0.9.6g", "cpe:/a:openssl:openssl:0.9.6m", "cpe:/a:openssl:openssl:0.9.7e", "cpe:/a:openssl:openssl:0.9.6f", "cpe:/a:openssl:openssl:0.9.8e", "cpe:/a:openssl:openssl:0.9.8g", "cpe:/a:openssl:openssl:0.9.6b", "cpe:/a:openssl:openssl:0.9.2b", "cpe:/a:openssl:openssl:0.9.8l", "cpe:/a:openssl:openssl:0.9.6l"], "id": "CVE-2010-0742", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0742", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", 
"cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:57:24", "description": "RSA verification recovery in the EVP_PKEY_verify_recover function in OpenSSL 1.x before 1.0.0a, as used by pkeyutl and possibly other applications, returns uninitialized memory upon failure, which might allow context-dependent attackers to bypass intended key requirements or obtain sensitive information via unspecified vectors. 
NOTE: some of these details are obtained from third party information.", "edition": 3, "cvss3": {}, "published": "2010-06-03T14:30:00", "title": "CVE-2010-1633", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1633"], "modified": "2014-03-26T04:05:00", "cpe": ["cpe:/a:openssl:openssl:1.0.0"], "id": "CVE-2010-1633", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1633", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:31:22", "description": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a 
post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "edition": 8, "cvss3": {}, "published": "2009-11-09T17:30:00", "title": "CVE-2009-3555", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3555"], "modified": "2019-07-03T17:25:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/a:openssl:openssl:1.0", "cpe:/o:debian:debian_linux:4.0", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:gnutls:2.8.5", "cpe:/a:microsoft:internet_information_server:7.0", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:fedoraproject:fedora:13", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:fedoraproject:fedora:14", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/a:mozilla:nss:3.12.4", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:fedoraproject:fedora:12", "cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:apache:http_server:2.2.14", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:fedoraproject:fedora:11"], "id": "CVE-2009-3555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:nss:3.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:internet_information_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-02T10:54:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4355", "CVE-2010-0742", "CVE-2009-3555", "CVE-2010-1633"], "description": "Check for the Version of openssl", "modified": "2017-12-22T00:00:00", "published": "2010-06-18T00:00:00", "id": "OPENVAS:862152", "href": "http://plugins.openvas.org/nasl.php?oid=862152", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-9639", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-9639\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR 
PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 12\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042919.html\");\n script_id(862152);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9639\");\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-1633\", \"CVE-2009-4355\", \"CVE-2009-3555\");\n script_name(\"Fedora Update for openssl FEDORA-2010-9639\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-20T13:17:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4355", "CVE-2010-0742", "CVE-2009-3555", "CVE-2010-1633", "CVE-2010-3864"], "description": "Check for the Version of openssl", "modified": "2017-12-19T00:00:00", "published": "2010-11-23T00:00:00", "id": "OPENVAS:862568", "href": "http://plugins.openvas.org/nasl.php?oid=862568", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-17826", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-17826\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 12\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html\");\n script_id(862568);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17826\");\n script_cve_id(\"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\", \"CVE-2009-4355\", \"CVE-2009-3555\");\n script_name(\"Fedora Update for openssl FEDORA-2010-17826\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" 
, value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0b~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-17T11:05:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4355", "CVE-2010-0742", "CVE-2009-3555", "CVE-2010-1633", "CVE-2010-3864"], "description": "Check for the Version of openssl", "modified": "2018-01-16T00:00:00", "published": "2010-11-23T00:00:00", "id": "OPENVAS:1361412562310862568", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862568", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-17826", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-17826\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 12\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051255.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862568\");\n script_version(\"$Revision: 8438 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-16 18:38:23 +0100 (Tue, 16 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17826\");\n script_cve_id(\"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\", \"CVE-2009-4355\", \"CVE-2009-3555\");\n script_name(\"Fedora Update for openssl FEDORA-2010-17826\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0b~1.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-19T15:05:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0742", "CVE-2010-1633"], "description": "Check for the Version of openssl", "modified": "2018-01-19T00:00:00", "published": "2010-06-18T00:00:00", "id": "OPENVAS:1361412562310862158", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862158", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-9574", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-9574\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042855.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862158\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9574\");\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2010-9574\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0742", "CVE-2010-1633"], "description": "Check for the Version of openssl", "modified": "2017-12-21T00:00:00", "published": "2010-06-18T00:00:00", "id": "OPENVAS:862158", "href": "http://plugins.openvas.org/nasl.php?oid=862158", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-9574", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-9574\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042855.html\");\n script_id(862158);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-18 17:26:33 +0200 (Fri, 18 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-9574\");\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2010-9574\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0a~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-18T11:04:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864"], "description": "Check for the Version of openssl", "modified": "2018-01-17T00:00:00", "published": "2010-11-23T00:00:00", "id": "OPENVAS:1361412562310862566", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862566", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-17847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-17847\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862566\");\n script_version(\"$Revision: 8440 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 08:58:46 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17847\");\n script_cve_id(\"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2010-17847\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0b~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-20T13:17:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864"], "description": "Check for the Version of openssl", "modified": "2017-12-19T00:00:00", "published": "2010-11-23T00:00:00", "id": "OPENVAS:862566", "href": "http://plugins.openvas.org/nasl.php?oid=862566", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-17847", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-17847\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051237.html\");\n script_id(862566);\n script_version(\"$Revision: 8164 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-19 07:30:41 +0100 (Tue, 19 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-23 15:30:07 +0100 (Tue, 23 Nov 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-17847\");\n script_cve_id(\"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2010-17847\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0b~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-03T10:54:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4180", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864"], "description": "Check for the Version of openssl", "modified": "2018-01-02T00:00:00", "published": "2010-12-28T00:00:00", "id": "OPENVAS:1361412562310862737", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862737", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-18736", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-18736\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862737\");\n script_version(\"$Revision: 8269 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 08:28:22 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18736\");\n script_cve_id(\"CVE-2010-4180\", \"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2010-18736\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : 
\"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0c~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:57:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4180", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864"], "description": "Check for the Version of openssl", "modified": "2017-12-15T00:00:00", "published": "2010-12-28T00:00:00", "id": "OPENVAS:862737", "href": "http://plugins.openvas.org/nasl.php?oid=862737", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2010-18736", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2010-18736\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openssl on Fedora 13\";\ntag_insight = \"The OpenSSL toolkit provides support for secure communications between\n machines. OpenSSL includes a certificate management tool and shared\n libraries which provide various cryptographic algorithms and\n protocols.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html\");\n script_id(862737);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-28 07:11:56 +0100 (Tue, 28 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-18736\");\n script_cve_id(\"CVE-2010-4180\", \"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2010-18736\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : 
tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0c~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4180", "CVE-2010-0742", "CVE-2011-0014", "CVE-2010-1633", "CVE-2010-3864"], "description": "The remote host is missing an update for the 'openssl' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2011-03-24T00:00:00", "id": "OPENVAS:1361412562310862920", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862920", "type": "openvas", "title": "Fedora Update for openssl FEDORA-2011-1255", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openssl FEDORA-2011-1255\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056102.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862920\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-24 14:29:52 +0100 (Thu, 24 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-1255\");\n script_cve_id(\"CVE-2011-0014\", \"CVE-2010-4180\", \"CVE-2010-3864\", \"CVE-2010-0742\", \"CVE-2010-1633\");\n script_name(\"Fedora Update for openssl FEDORA-2011-1255\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC13\");\n script_tag(name:\"affected\", value:\"openssl on Fedora 13\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n 
exit(0);\n\nres = \"\";\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.0.0d~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2010-06-16T17:44:27", "published": "2010-06-16T17:44:27", "id": "FEDORA:8385C29043", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: openssl-1.0.0a-1.fc12", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2010-11-21T21:57:22", "published": "2010-11-21T21:57:22", "id": "FEDORA:5429A1108EB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: openssl-1.0.0b-1.fc12", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0742", "CVE-2010-1633"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. 
", "modified": "2010-06-15T15:59:21", "published": "2010-06-15T15:59:21", "id": "FEDORA:EABE2110DCF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: openssl-1.0.0a-1.fc13", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2010-11-21T21:53:49", "published": "2010-11-21T21:53:49", "id": "FEDORA:7EA761108D8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: openssl-1.0.0b-1.fc13", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-4180"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2010-12-17T08:35:37", "published": "2010-12-17T08:35:37", "id": "FEDORA:C8F7F110906", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: openssl-1.0.0c-1.fc13", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0742", "CVE-2010-1633", "CVE-2010-3864", "CVE-2010-4180", "CVE-2011-0014"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. 
", "modified": "2011-03-17T18:49:43", "published": "2011-03-17T18:49:43", "id": "FEDORA:564D5110A27", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: openssl-1.0.0d-1.fc13", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1377", "CVE-2009-1378", "CVE-2009-1379", "CVE-2009-3245", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0433", "CVE-2010-0740", "CVE-2010-0742"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2010-06-21T21:43:21", "published": "2010-06-21T21:43:21", "id": "FEDORA:776A61D72B0", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: openssl-0.9.8n-2.fc11", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3245", "CVE-2009-3555", "CVE-2009-4355", "CVE-2010-0433", "CVE-2010-0740"], "description": "The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols. ", "modified": "2010-05-25T18:42:18", "published": "2010-05-25T18:42:18", "id": "FEDORA:4C502110FE5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: openssl-1.0.0-4.fc12", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group. 
", "modified": "2010-06-22T17:21:05", "published": "2010-06-22T17:21:05", "id": "FEDORA:6A214110D58", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: gnutls-2.8.6-2.fc13", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "f5": [{"lastseen": "2019-04-16T04:21:28", "bulletinFamily": "software", "cvelist": ["CVE-2010-0742"], "description": "\nF5 Product Development has assigned ID 539970 (BIG-IP) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H17248 on the **Diagnostics** > **Identified** > **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 10.1.0 - 10.2.4| 12.0.0 \n11.0.0 - 11.6.0| Low| OpenSSL \nBIG-IP AAM| None| 12.0.0 \n11.4.0 - 11.6.0| Not vulnerable| None \nBIG-IP AFM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP Analytics| None| 12.0.0 \n11.0.0 - 11.6.0| Not vulnerable| None \nBIG-IP APM| 10.1.0 - 10.2.4| 12.0.0 \n11.0.0 - 11.6.0| Low| OpenSSL \nBIG-IP ASM| 10.1.0 - 10.2.4| 12.0.0 \n11.0.0 - 11.6.0| Low| OpenSSL \nBIG-IP DNS| None| 12.0.0| Not vulnerable| None \nBIG-IP Edge Gateway| 10.1.0 - 10.2.4| 11.0.0 - 11.3.0| Low| OpenSSL \nBIG-IP GTM| 10.1.0 - 10.2.4| 11.0.0 - 11.6.0| Low| OpenSSL \nBIG-IP Link Controller| 10.1.0 - 10.2.4| 12.0.0 \n11.0.0 - 11.6.0| Low| OpenSSL \nBIG-IP PEM| None| 12.0.0 \n11.3.0 - 11.6.0| Not vulnerable| None \nBIG-IP PSM| 10.1.0 - 10.2.4| 11.0.0 - 11.4.1| Low| OpenSSL \nBIG-IP WebAccelerator| 10.1.0 - 10.2.4| 11.0.0 - 11.3.0| Low| OpenSSL \nBIG-IP WOM| 10.1.0 - 
10.2.4| 11.0.0 - 11.3.0| Low| OpenSSL \nARX| None| 6.0.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| None| 3.0.0 - 3.1.1| Not vulnerable| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| Not vulnerable| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| \nNone| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| Not vulnerable| None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to [K7448: Restricting access to the Configuration utility by source IP address (9.x - 10.x)](<https://support.f5.com/csp/article/K7448>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>). 
\n\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "edition": 1, "modified": "2017-04-06T19:20:00", "published": "2015-09-09T22:17:00", "id": "F5:K17248", "href": "https://support.f5.com/csp/article/K17248", "title": "OpenSSL vulnerability CVE-2010-0742", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-10-07T20:36:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-1633"], "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "edition": 1, "modified": "2018-04-04T02:08:00", "published": "2018-04-04T02:08:00", "id": "F5:K93959105", "href": "https://support.f5.com/csp/article/K93959105", "title": "OpenSSL vulnerability CVE-2010-1633", "type": "f5", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2016-03-19T09:01:56", "bulletinFamily": "software", "cvelist": ["CVE-2010-0742"], "edition": 1, 
"description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability for affected F5 products, you should only permit management access to F5 products over a secure network and limit shell access to trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL7448: Restricting access to the Configuration utility by source IP address (9.x - 10.x) and SOL13092: Overview of securing access to the BIG-IP system. 
\n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "modified": "2015-09-23T00:00:00", "published": "2015-09-09T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/17000/200/sol17248.html", "id": "SOL17248", "title": "SOL17248 - OpenSSL vulnerability CVE-2010-0742", "type": "f5", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-11-09T00:09:44", "bulletinFamily": "software", "cvelist": ["CVE-2008-1678", "CVE-2009-4355"], "edition": 1, "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "modified": "2014-07-10T00:00:00", "published": "2014-07-10T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15405.html", "id": "SOL15405", "title": "SOL15405 - OpenSSL 0.9.8l vulnerability CVE-2009-4355", "type": "f5", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "", "edition": 1, "modified": "2019-06-13T19:54:00", "published": "2013-07-06T01:56:00", "id": "F5:K10737", "href": "https://support.f5.com/csp/article/K10737", "title": "SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2016-05-30T21:02:08", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "edition": 1, 
"description": "A Man in the Middle attack allows an attacker to inject an arbitrary amount of chosen plain text into the application protocol stream data during a secure session renegotiation that uses SSL version 3.x or TLS version 1.x. This may provide an attacker the ability to perform arbitrary actions on affected websites with user's credentials. This vulnerability does not allow one to decrypt the intercepted network communication.\n\nInformation about this advisory is available at the following locations:\n\n**Note**: These links take you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555>\n\n**Note**: F5 thanks Marsh Ray, who originally identified and reported this vulnerability.\n\nThe IETF has adopted as [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>) a new extension to the TLS standard that addresses this issue. F5 Product Development has implemented this new extension beginning in BIG-IP versions 10.2.3 and 11.0.0.\n\n**Important**: When session renegotiation is disabled, some browsers may log an informational message that appears similar to the following example to the console, when connecting to F5 products:\n\nServer does not support RFC 5746, see CVE-2009-3555\n\nAlthough the message implies that the F5 product to which the browser is connecting is vulnerable to this attack, all vulnerable F5 Products have been patched to disable SSL/TLS renegotiation, and some have been further enhanced to allow explicit control over renegotiation, thus mitigating this attack. For more information regarding completed and planned updates related to this vulnerability, refer to the following table. 
Note that ID 223836 specifically addresses this error message.\n\nF5 Product Development is tracking this issue as follows:\n\nCR / ID | Description | Affected products | Included in \n---|---|---|--- \nCR132165 / \n \nID 213305 | Introduce the **<disable|enable>** parameter to the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command to control on a per-connection basis how TMM should respond to SSL 3.0/TLS 1.0 renegotiation requests. \n\n\n**Important**: Client-side session renegotiation is still enabled, by default, in versions prior to 10.1.0. In these versions, you must apply an iRule using the **SSL::renegotiate disable **command to each virtual server configuration you wish to protect from this vulnerability. Refer to the mitigation section, following, for more information.\n\n**Note**: For more information, refer to the DevCentral wiki page for the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command.\n\n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEngineering Hotfix available for: \nEnterprise Manager 1.8 \nCR132166 / \n \nID 213306 | Patch OpenSSL to disable midstream session renegotiation. This patch protects the Configuration utility and iControl against this vulnerability. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132167 / \n \nID 213307 | Enable midstream session renegotiation for the **big3d **and **gtmd**. This CR is a companion to CR132166, re-enabling mid-stream session renegotiation for the **big3d **and **gtmd** processes, which maintain long-lived iQuery-over-SSL connections that are renegotiated daily. 
These connections are mutually authenticated using 2-way SSL authentication prior to exchanging application traffic and, thus, are not vulnerable to the man-in-the-middle attacks described in this Solution. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132170 / \n \nID 213308 | Introduce a Client SSL / ServerSSL profile option to control whether midstream session renegotiation is allowed. In versions 10.1.0 - 10.2.2, the default setting for the Client SSL profile is **disabled**, and the default setting for the Server SSL profile is **enabled**. **Note**: BIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM | BIG-IP 10.1.0 and later \n \nCR132172 / \n \nID 223836 | Implement [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>), an extension to the TLS standard for secure midstream session renegotiation. **Note**: For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 10.2.3 \nBIG-IP 11.0.0 and later \n \nCR132177 / \nID 295760\n\nand\n\nCR132177-1 / \nID 294172\n\n| Patch OpenSSL to disable midstream session renegotiation. | FirePass | \n\nFirePass 7.0.0 and later \nFirePass 6.1.0 HF1 * \nFirePass 6.0.3 hotfix-132177-1 \nFirePass 6.0.2 hotfix-132177-1 \nFirePass 5.5.2 hotfix-132177-1 \nFirePass 5.5.1 hotfix-132177-1 \nFirePass 5.5 hotfix-132177-1 \n \nImportant: For version 6.1.0, the \nfix for this ID was not included in \nHF3 or HF4. 
Install the latest \ncumulative hotfix. \n \nID 37053 | Patch or upgrade Apache Tomcat to disable session renegotiation. | ARX | ARX 6.2.0 \n \n \nIf a named hotfix has been issued for your software version, you may download the referenced hotfix or later versions of the hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nIf an engineering hotfix has been issued for your software version, you should contact [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>), and reference this Solution number and the associated CR number to request the hotfix.\n\nFor a list of the latest available hotfixes, refer to SOL9502: BIG-IP hotfix matrix.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of the F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n\nFor information about installing version 10.x hotfixes, refer to SOL10025: Managing BIG-IP product hotfixes (10.x).\n\n**Mitigation steps for BIG-IP LTM, ASM, PSM, Link Controller, WebAccelerator, or WOM SSL virtual servers**\n\nYou can use the Client SSL profile Renegotiation setting or an iRule to disable client-side session renegotiation for virtual servers. Refer to the following section that applies to your version:\n\n**Note**: Applications that require session renegotiation are inherently vulnerable to the attack. Only removal of the renegotiation requirement in the application itself will eliminate the vulnerability. If session renegotiation is disabled by any of the vulnerability mitigation steps described later, without modifying the application, client connections will be dropped. 
For example, IE 5.0 clients accessing applications which use SGC (Server Gated Cryptography) certificates are known to require renegotiation, and their connections would be disrupted by such a configuration.\n\n**Important**: Any mitigation action that re-enables session re-negotiation on patched vulnerable versions may re-expose your F5 system to this vulnerability. In some cases, iRule logic can be used to control this behavior. Refer to the following sections for details regarding your product and version.\n\n**BIG-IP versions 10.1.0 and later**\n\nBIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. The SSL Renegotiation setting is **Enabled** by default in the SSL profiles; however, the system requires secure renegotiation of SSL connections. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension.\n\nIn BIG-IP version 10.1.0, the Renegotiation setting was added to the BIG-IP Client session and Server SSL profiles as a result of ID 213308 (formerly CR132180). In versions 10.1.0 - 10.2.2, the Renegotiation setting is **Disabled** by default in the Client SSL profile. Virtual servers using a Client SSL profile with the Renegotiation setting configured to **Disabled** are protected from this vulnerability.\n\nIf necessary, you can selectively enable renegotiation using the **SSL::renegotiate** iRules command on a virtual server that has renegotiation disabled in its Client SSL profile. For example, an iRule similar to the following enables renegotiation only for clients within a single Class C subnet:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nif { [IP::addr [IP::client_addr] equals 192.168.222.0/24] }{ \nSSL::renegotiate enable \n} \n}\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. 
A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, and 10.1.0 through 10.2.x**\n\nTo mitigate the vulnerability, a BIG-IP system administrator may apply iRules similar to the following to each SSL virtual server. This sample iRule uses the **SSL::renegotiate** command to disable client-side session renegotiation, which prevents the BIG-IP system from processing a secondary session renegotiation request:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nSSL::renegotiate disable \n}\n\nThe **<enable|disable>** parameter was added to the **SSL::renegotiate** command in versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, 10.1.x, and 10.2.0 as a result of ID 213305 (formerly CR132165). In versions prior to 10.1.0, all virtual servers with a Client SSL profile applied will, by default, still accept session renegotiation.\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.4.x, 9.3.x prior to 9.3.1 HF8, and 10.0.x prior to 10.0.1 HF3**\n\nTo mitigate the vulnerability in versions that do not include the **SSL::renegotiate** command, apply an iRule similar to the following to each SSL virtual server. The iRule resets the connection if client-side SSL renegotiation is attempted.\n\nwhen CLIENT_ACCEPTED { \n# initialize TLS/SSL handshake count for this connection \nset sslhandshakecount 0 \n} \nwhen CLIENTSSL_HANDSHAKE priority 1 { \n# a handshake just occurred \nincr sslhandshakecount \n# is this the first handshake in this connection? 
\nif { $sslhandshakecount > 1 } { \n# log (rate limited) the event (to /var/log/ltm) \nlog \"\\\\[VS [IP::local_addr]:[TCP::local_port] client [IP::remote_addr]:[TCP::remote_port]\\\\]:TLS/SSL renegotiation\" \n# if not, close the clientside connection \nreject \n} \n} \n\n\n**Note**: This example was provided by F5 DevCentral poster Lupo. The original post is available at the following location:\n\n[mitigating the TLS client-initiated renegotiation MITM attack](<http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=86456&view=topic>)\n\nA separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n", "modified": "2013-07-05T00:00:00", "published": "2009-11-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html", "id": "SOL10737", "title": "SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-01T05:51:38", "description": "Incorrect use of an openssl cleanup function can lead to memory leaks\nin applications. For example an ssl enabled web server such as apache\nthat uses php, curl and openssl leaks memory if a SIGHUP signal was\nsent to apache. 
The openssl cleanup function was made more robust to\navoid memory leaks (CVE-2009-4355).", "edition": 22, "published": "2010-01-25T00:00:00", "title": "openSUSE Security Update : openssl-CVE-2009-4355.patch (openssl-CVE-2009-4355.patch-1833)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4355"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit", "p-cpe:/a:novell:opensuse:libopenssl0_9_8", "p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:openssl-certs"], "id": "SUSE_11_0_OPENSSL-CVE-2009-4355_PATCH-100115.NASL", "href": "https://www.tenable.com/plugins/nessus/44125", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openssl-CVE-2009-4355.patch-1833.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44125);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:37\");\n\n script_cve_id(\"CVE-2009-4355\");\n\n script_name(english:\"openSUSE Security Update : openssl-CVE-2009-4355.patch (openssl-CVE-2009-4355.patch-1833)\");\n script_summary(english:\"Check for the openssl-CVE-2009-4355.patch-1833 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Incorrect use of an openssl cleanup function can lead to memory leaks\nin applications. For example an ssl enabled web server such as apache\nthat uses php, curl and openssl leaks memory if a SIGHUP signal was\nsent to apache. 
The openssl cleanup function was made more robust to\navoid memory leaks (CVE-2009-4355).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=566238\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl-CVE-2009-4355.patch packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") 
audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libopenssl-devel-0.9.8g-47.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"libopenssl0_9_8-0.9.8g-47.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"openssl-0.9.8g-47.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"openssl-certs-0.9.8g-47.12\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8g-47.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl0_9_8 / libopenssl0_9_8-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:52:53", "description": "Incorrect use of an openssl cleanup function can lead to memory leaks\nin applications. For example an ssl enabled web server such as apache\nthat uses php, curl and openssl leaks memory if a SIGHUP signal was\nsent to apache. 
The openssl cleanup function was made more robust to\navoid memory leaks (CVE-2009-4355).\n\nAdditionally a problem with creating pkcs12 files was fixed.", "edition": 22, "published": "2010-01-25T00:00:00", "title": "openSUSE Security Update : openssl-CVE-2009-4355.patch (openssl-CVE-2009-4355.patch-1834)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4355"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libopenssl0_9_8", "p-cpe:/a:novell:opensuse:libopenssl-devel"], "id": "SUSE_11_1_OPENSSL-CVE-2009-4355_PATCH-100120.NASL", "href": "https://www.tenable.com/plugins/nessus/44127", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openssl-CVE-2009-4355.patch-1834.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44127);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:38\");\n\n script_cve_id(\"CVE-2009-4355\");\n\n script_name(english:\"openSUSE Security Update : openssl-CVE-2009-4355.patch (openssl-CVE-2009-4355.patch-1834)\");\n script_summary(english:\"Check for the openssl-CVE-2009-4355.patch-1834 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Incorrect use of an openssl cleanup function can lead to memory leaks\nin applications. For example an ssl enabled web server such as apache\nthat uses php, curl and openssl leaks memory if a SIGHUP signal was\nsent to apache. 
The openssl cleanup function was made more robust to\navoid memory leaks (CVE-2009-4355).\n\nAdditionally a problem with creating pkcs12 files was fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=467437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=566238\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl-CVE-2009-4355.patch packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") 
audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libopenssl-devel-0.9.8h-28.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libopenssl0_9_8-0.9.8h-28.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"openssl-0.9.8h-28.13.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libopenssl0_9_8-32bit-0.9.8h-28.13.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libopenssl-devel / libopenssl0_9_8 / libopenssl0_9_8-32bit / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T05:54:10", "description": "Incorrect use of an openssl cleanup function can lead to memory leaks\nin applications. For example an ssl enabled web server such as apache\nthat uses php, curl and openssl leaks memory if a SIGHUP signal was\nsent to apache. The openssl cleanup function was made more robust to\navoid memory leaks. 
(CVE-2009-4355)", "edition": 23, "published": "2010-01-25T00:00:00", "title": "SuSE 11.2 Security Update: openssl-CVE-2009-4355.patch (2010-01-15)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4355"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssl", "p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit", "p-cpe:/a:novell:opensuse:libopenssl0_9_8", "cpe:/o:novell:opensuse:11.2", "p-cpe:/a:novell:opensuse:libopenssl-devel", "p-cpe:/a:novell:opensuse:openssl-certs"], "id": "SUSE_11_2_OPENSSL-CVE-2009-4355_PATCH-100115.NASL", "href": "https://www.tenable.com/plugins/nessus/44129", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Updates.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(44129);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:38\");\n\n script_cve_id(\"CVE-2009-4355\");\n script_bugtraq_id(31692);\n\n script_name(english:\"SuSE 11.2 Security Update: openssl-CVE-2009-4355.patch (2010-01-15)\");\n script_summary(english:\"Check for the openssl packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"Incorrect use of an openssl cleanup function can lead to memory leaks\nin applications. For example an ssl enabled web server such as apache\nthat uses php, curl and openssl leaks memory if a SIGHUP signal was\nsent to apache. The openssl cleanup function was made more robust to\navoid memory leaks. 
(CVE-2009-4355)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.novell.com/show_bug.cgi?id=566238\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected openssl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libopenssl0_9_8-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssl-certs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/25\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libopenssl-devel-0.9.8k-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libopenssl0_9_8-0.9.8k-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"libopenssl0_9_8-32bit-0.9.8k-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openssl-0.9.8k-3.6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", reference:\"openssl-certs-0.9.8h-28.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl / openssl-certs / libopenssl0_9_8 / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T04:32:59", "description": "According to its banner, the remote web server is running a version\nof OpenSSL older than 0.9.8o / 1.0.0a. Such versions have the\nfollowing vulnerabilities :\n\n - The mishandling of Cryptographic Message Syntax \n structures containing an OriginatorInfo element can \n lead to data being written to invalid memory addresses \n or memory being freed up twice. (CVE-2010-0742)\n\n - An uninitialized buffer of undefined length is returned\n when verification recovery fails for RSA keys. 
This \n allows an attacker to bypass key checks in applications\n calling the function EVP_PKEY_verify_recover(). Note \n this function is not used by OpenSSL code itself. \n (CVE-2010-1633)", "edition": 23, "published": "2010-06-03T00:00:00", "title": "OpenSSL < 0.9.8o / 1.0.0a Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0742", "CVE-2010-1633"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_1_0_0A.NASL", "href": "https://www.tenable.com/plugins/nessus/46801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(46801);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/07/16 14:09:14\");\n\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-1633\");\n script_bugtraq_id(40502, 40503);\n script_xref(name:\"Secunia\", value:\"40024\");\n\n script_name(english:\"OpenSSL < 0.9.8o / 1.0.0a Multiple Vulnerabilities\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote web server has a SSL-related vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server is running a version\nof OpenSSL older than 0.9.8o / 1.0.0a. Such versions have the\nfollowing vulnerabilities :\n\n - The mishandling of Cryptographic Message Syntax \n structures containing an OriginatorInfo element can \n lead to data being written to invalid memory addresses \n or memory being freed up twice. (CVE-2010-0742)\n\n - An uninitialized buffer of undefined length is returned\n when verification recovery fails for RSA keys. This \n allows an attacker to bypass key checks in applications\n calling the function EVP_PKEY_verify_recover(). Note \n this function is not used by OpenSSLcode itself. 
\n (CVE-2010-1633)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.openssl.org/news/secadv/20100601.txt\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to OpenSSL 0.9.8o / 1.0.0a or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2010/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2010/06/03\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"backport.inc\");\n\n\nif (report_paranoia < 2)\n exit(1, \"This plugin only runs if 'Report paranoia' is set to 'Paranoid'.\");\n\nport = get_http_port(default:80);\n\nbanner = get_backport_banner(banner:get_http_banner(port:port));\nif (!banner) \n exit(1, \"Unable to get the banner from the web server on port \"+port+\".\");\n\nif (!egrep(string:banner, pattern:'^Server:'))\n exit(0, \"The web server on port \"+port+\" doesn't return a Server response header.\");\nif (\"OpenSSL/\" >!< banner)\n exit(0, \"The Server response header for the web server on port 
\"+port+\" doesn't mention OpenSSL.\");\n\npat = \"^Server:.*OpenSSL/([^ ]+)\";\nversion = NULL;\n\nforeach line (split(banner, sep:'\\r\\n', keep:FALSE))\n{\n match = eregmatch(pattern:pat, string:line);\n if (!isnull(match))\n {\n version = match[1];\n break;\n }\n}\nif (isnull(version))\n exit(0, \"The web server on port \"+port+\" doesn't appear to use OpenSSL.\");\n\nif (\n (version =~ \"^0\\.9\\.([0-7]([^0-9]|$)|8([^a-z0-9]|[a-n]|$))\") ||\n (version =~ \"^1\\.0\\.0(-beta|$)\")\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\nOpenSSL version '+version+' appears to be running on the remote\\n'+\n 'host based on the following Server response header :\\n\\n'+\n ' '+line+'\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, 'The web server on port \"+port+\" uses OpenSSL '+version+', which is not affected.');\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:55", "description": "Minor update from upstream fixing two security vulnerabilities -\nCVE-2010-0742 and CVE-2010-1633. It is fully ABI compatible with\nopenssl-1.0.0.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "Fedora 13 : openssl-1.0.0a-1.fc13 (2010-9574)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0742", "CVE-2010-1633"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-9574.NASL", "href": "https://www.tenable.com/plugins/nessus/47542", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-9574.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47542);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-1633\");\n script_bugtraq_id(40503);\n script_xref(name:\"FEDORA\", value:\"2010-9574\");\n\n script_name(english:\"Fedora 13 : openssl-1.0.0a-1.fc13 (2010-9574)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor update from upstream fixing two security vulnerabilities -\nCVE-2010-0742 and CVE-2010-1633. It is fully ABI compatible with\nopenssl-1.0.0.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598738\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/042855.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5da790a8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"openssl-1.0.0a-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:56", "description": "Minor update from upstream fixing two security vulnerabilities -\nCVE-2010-0742 and CVE-2010-1633. It is fully ABI compatible with\nopenssl-1.0.0.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "Fedora 12 : openssl-1.0.0a-1.fc12 (2010-9639)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0742", "CVE-2010-1633"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-9639.NASL", "href": "https://www.tenable.com/plugins/nessus/47546", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-9639.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47546);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0742\", \"CVE-2010-1633\");\n script_bugtraq_id(40502, 40503);\n script_xref(name:\"FEDORA\", value:\"2010-9639\");\n\n script_name(english:\"Fedora 12 : openssl-1.0.0a-1.fc12 (2010-9639)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Minor update from upstream fixing two security vulnerabilities -\nCVE-2010-0742 and CVE-2010-1633. It is fully ABI compatible with\nopenssl-1.0.0.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598732\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598738\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/042919.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bb56823c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"openssl-1.0.0a-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:40", "description": "Update to upstream version 0.9.8n fixing multiple security issues:\nCVE-2009-3555, CVE-2009-3245, CVE-2009-4355, and CVE-2010-0433. 
Refer\nto upstream CHANGES file for the detailed list of changes since\nversion 0.9.8k :\n\n -\n http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.12\n 38.2.193\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : openssl-0.9.8n-1.fc11 (2010-5357)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4355", "CVE-2009-3245", "CVE-2009-3555", "CVE-2010-0433"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-5357.NASL", "href": "https://www.tenable.com/plugins/nessus/47385", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-5357.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47385);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3245\", \"CVE-2009-3555\", \"CVE-2009-4355\", \"CVE-2010-0433\");\n script_bugtraq_id(35001, 35138, 36935, 38533, 38562, 39013);\n script_xref(name:\"FEDORA\", value:\"2010-5357\");\n\n script_name(english:\"Fedora 11 : openssl-0.9.8n-1.fc11 (2010-5357)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to upstream version 0.9.8n fixing multiple security issues:\nCVE-2009-3555, CVE-2009-3245, CVE-2009-4355, and CVE-2010-0433. 
Refer\nto upstream CHANGES file for the detailed list of changes since\nversion 0.9.8k :\n\n -\n http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.12\n 38.2.193\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://cvs.openssl.org/fileview?f=openssl/CHANGES&v=1.1238.2.193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=533125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=546707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=569774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=570924\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?875f78de\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 310, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/26\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"openssl-0.9.8n-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T04:32:56", "description": "According to its banner, the remote web server uses a version of\nOpenSSL older than 0.9.8m. 
Such versions have the following\nvulnerabilities :\n\n - Session renegotiations are not handled properly, which could\n be exploited to insert arbitrary plaintext by a\n man-in-the-middle. (CVE-2009-3555)\n\n - The library does not check for a NULL return value from calls\n to the bn_wexpand() function, which has unspecified impact.\n (CVE-2009-3245)\n \n - A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c \n allows remote attackers to cause a denial of service via vectors that \n trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function.\n (CVE-2008-1678, CVE-2009-4355)\n \n For this vulnerability to be exploitable, compression must be enabled in OpenSSL\n for SSL/TLS connections. \n", "edition": 25, "published": "2010-03-11T00:00:00", "title": "OpenSSL < 0.9.8m Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4343", "CVE-2008-1678", "CVE-2009-4355", "CVE-2009-3245", "CVE-2009-3555"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:openssl:openssl"], "id": "OPENSSL_0_9_8M.NASL", "href": "https://www.tenable.com/plugins/nessus/45039", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(45039);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2006-4343\", \"CVE-2008-1678\", \"CVE-2009-3245\", \"CVE-2009-3555\", \"CVE-2009-4355\");\n script_bugtraq_id(31692, 36935, 38562);\n script_xref(name:\"Secunia\", value:\"37291\");\n script_xref(name:\"Secunia\", value:\"38200\");\n\n script_name(english:\"OpenSSL < 0.9.8m Multiple Vulnerabilities\");\n script_summary(english:\"Does a banner check\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote web server has multiple SSL-related vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its banner, the remote web server uses a version of\nOpenSSL 
older than 0.9.8m. Such versions have the following\nvulnerabilities :\n\n - Session renegotiations are not handled properly, which could\n be exploited to insert arbitrary plaintext by a\n man-in-the-middle. (CVE-2009-3555)\n\n - The library does not check for a NULL return value from calls\n to the bn_wexpand() function, which has unspecified impact.\n (CVE-2009-3245)\n \n - A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c \n allows remote attackers to cause a denial of service via vectors that \n trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function.\n (CVE-2008-1678, CVE-2009-4355)\n \n For this vulnerability to be exploitable, compression must be enabled in OpenSSL\n for SSL/TLS connections. \n\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://rt.openssl.org/Ticket/Display.html?id=2111&user=guest&pass=guest\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=openssl-announce&m=126714485629486&w=2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to OpenSSL 0.9.8m or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 310, 399);\n script_set_attribute(attribute:\"vuln_publication_date\",value:\"2009/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\",value:\"2010/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\",value:\"2010/03/11\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openssl:openssl\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is 
Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencie(\"http_version.nasl\");\n script_require_ports(\"Services/www\", 443);\n script_require_keys(\"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"backport.inc\");\n\n\nif (report_paranoia < 2)\n exit(1, \"This plugin only runs if 'Report paranoia' is set to 'Paranoid'.\");\n\nport = get_http_port(default:80);\nbanner = get_backport_banner(banner:get_http_banner(port:port));\nif (!banner) exit(1, \"Unable to get the banner from web server on port \"+port+\".\");\n\nif (!egrep(string:banner, pattern:'^Server:'))\n exit(0, \"The web server on port \"+port+\" doesn't return a Server response header.\");\nif (\"OpenSSL/\" >!< banner)\n exit(0, \"The Server response header for the web server on port \"+port+\" doesn't mention OpenSSL.\");\n\npat = \"^Server:.*OpenSSL/([^ ]+)\";\nversion = NULL;\n\nforeach line (split(banner, sep:'\\r\\n', keep:FALSE))\n{\n match = eregmatch(pattern:pat, string:line);\n if (!isnull(match))\n {\n version = match[1];\n break;\n }\n}\n\nif (isnull(version))\n exit(0, \"Failed to extract the version of OpenSSL used by the web server on port \"+port+\".\");\n\n# anything less than 0.9.8m, and anything that looks like 0.9.8-beta\nif (version =~ \"^0\\.9\\.([0-7]|8([^a-z0-9]|[a-l]|$))\")\n{\n if (report_verbosity > 0)\n {\n report =\n '\\nOpenSSL version '+version+' appears to be running on the remote\\n'+\n 'host based on the following Server response header :\\n\\n'+\n ' '+line+'\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n exit(0);\n}\nelse exit(0, 'The web server on port \"+port+\" uses OpenSSL '+version+', which is not affected.');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:55", "description": "Fix for an important security vulnerability CVE-2010-0742.\n\nNote that Tenable 
Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-07-01T00:00:00", "title": "Fedora 11 : openssl-0.9.8n-2.fc11 (2010-9421)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0742"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:openssl", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2010-9421.NASL", "href": "https://www.tenable.com/plugins/nessus/47534", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-9421.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47534);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-0742\");\n script_bugtraq_id(31692, 35001, 35138, 38533, 38562, 39013, 40502);\n script_xref(name:\"FEDORA\", value:\"2010-9421\");\n\n script_name(english:\"Fedora 11 : openssl-0.9.8n-2.fc11 (2010-9421)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for an important security vulnerability CVE-2010-0742.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=598738\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/043193.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65b43e29\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"openssl-0.9.8n-2.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-01T01:58:15", "description": "The Cryptographic Message Syntax (CMS) implementation in\ncrypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a\ndoes not properly handle structures that contain OriginatorInfo, which\nallows context-dependent attackers to modify invalid memory locations\nor conduct double-free attacks, and possibly execute arbitrary code,\nvia unspecified vectors. (CVE-2010-0742)\n\nImpact\n\nA locally authenticated user, with a role that allows advanced shell\n(bash) access, may be able to exploit OpenSSL to modify invalid memory\nlocations or conduct double-free attacks, and execute arbitrary code.\nHowever, affected F5 products that contain the vulnerable software\ncomponent do not use the components in a way that exposes this\nvulnerability. 
There are no remote access vectors for this issue, and\nthere is no data plane exposure.", "edition": 26, "published": "2015-09-10T00:00:00", "title": "F5 Networks BIG-IP : OpenSSL vulnerability (K17248)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-0742"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL17248.NASL", "href": "https://www.tenable.com/plugins/nessus/85890", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K17248.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85890);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/01/04 10:03:40\");\n\n script_cve_id(\"CVE-2010-0742\");\n script_bugtraq_id(40502);\n\n script_name(english:\"F5 Networks BIG-IP : OpenSSL vulnerability (K17248)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Cryptographic Message Syntax (CMS) implementation in\ncrypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a\ndoes not properly handle structures that contain OriginatorInfo, which\nallows context-dependent attackers to modify invalid memory locations\nor conduct double-free attacks, and possibly execute arbitrary code,\nvia unspecified vectors. 
(CVE-2010-0742)\n\nImpact\n\nA locally authenticated user, with a role that allowsadvanced shell\n(bash) access, may be able to exploit OpenSSL to modify invalid memory\nlocations or conduct double-free attacks, and execute arbitrary code.\nHowever, affected F5 products that contain the vulnerable software\ncomponent do not use the components in a way that exposes this\nvulnerability. There are no remote access vectors for this issue, and\nthere is no data plane exposure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K17248\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K17248.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K17248\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.6.0\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.6.0\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.0.0-11.6.0\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.6.0\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"12.0.0\",\"11.0.0-11.6.0\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.0.0-11.4.1\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.0.0-11.3.0\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"10.1.0-10.2.4\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.0.0-11.3.0\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 
\"running any of the affected modules\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openssl": [{"lastseen": "2020-09-14T11:36:47", "bulletinFamily": "software", "cvelist": ["CVE-2009-4355"], "description": " A memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c allows remote attackers to cause a denial of service via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. Reported by Michael K Johnson and Andy Grimm (rPath). \n\n * Fixed in OpenSSL 0.9.8m [(git commit)](<https://github.com/openssl/openssl/commit/1b31b5ad560b16e2fe1cad54a755e3e6b5e778a3>) (Affected 0.9.8-0.9.8l)\n", "edition": 1, "modified": "2010-01-13T00:00:00", "published": "2010-01-13T00:00:00", "id": "OPENSSL:CVE-2009-4355", "href": "https://www.openssl.org/news/vulnerabilities.html", "title": "Vulnerability in OpenSSL CVE-2009-4355", "type": "openssl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-14T11:36:46", "bulletinFamily": "software", "cvelist": ["CVE-2010-0742"], "description": " A flaw in the handling of CMS structures containing OriginatorInfo was found which could lead to a write to invalid memory address or double free. CMS support is disabled by default in OpenSSL 0.9.8 versions. Reported by Ronald Moesbergen. \n\n * Fixed in OpenSSL 1.0.0a (Affected 1.0.0)\n * Fixed in OpenSSL 0.9.8o (Affected 0.9.8h-0.9.8n)\n", "edition": 1, "modified": "2010-06-01T00:00:00", "published": "2010-06-01T00:00:00", "id": "OPENSSL:CVE-2010-0742", "href": "https://www.openssl.org/news/secadv/20100601.txt", "title": "Vulnerability in OpenSSL CVE-2010-0742", "type": "openssl", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-09-14T11:36:45", "bulletinFamily": "software", "cvelist": ["CVE-2010-1633"], "description": " An invalid Return value check in pkey_rsa_verifyrecover was discovered. 
When verification recovery fails for RSA keys an uninitialised buffer with an undefined length is returned instead of an error code. This could lead to an information leak. Reported by Peter-Michael Hager. \n\n * Fixed in OpenSSL 1.0.0a (Affected 1.0.0)\n", "edition": 1, "modified": "2010-06-01T00:00:00", "published": "2010-06-01T00:00:00", "id": "OPENSSL:CVE-2010-1633", "href": "https://www.openssl.org/news/secadv/20100601.txt", "title": "Vulnerability in OpenSSL CVE-2010-1633", "type": "openssl", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-09-14T11:36:47", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": " Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation.\n\n * Fixed in OpenSSL 0.9.8m (Affected 0.9.8-0.9.8l)\n", "edition": 1, "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "id": "OPENSSL:CVE-2009-3555", "href": "https://www.openssl.org/news/secadv/20091111.txt", "title": "Vulnerability in OpenSSL CVE-2009-3555", "type": "openssl", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:10:50", "description": "No description provided by source.", "published": "2010-06-03T00:00:00", "type": "seebug", "title": "OpenSSL Cryptographic Message Syntax \"OriginatorInfo\" Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0742", "CVE-2010-1633"], "modified": "2010-06-03T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19727", "id": "SSV:19727", "sourceData": "\n OpenSSL Security Advisory [01-Jun-2010]\r\n\r\nTwo security flaws have been fixed in OpenSSL 0.9.8o and OpenSSL 1.0.0a.\r\n\r\nInvalid ASN1 module definition for CMS.\r\n=======================================\r\n\r\nCMS structures containing OriginatorInfo are mishandled this can write to\r\ninvalid memory addresses or free up memory twice\r\n(CVE-2010-0742).\r\n\r\nThis bug is only present in the CMS code: the older PKCS#7 code is not 
affected.\r\n\r\nCMS is only present in OpenSSL 0.9.8h and later where it is disabled by\r\ndefault and 1.0.0 where it is enabled by default.\r\n\r\nUsers of OpenSSL CMS code should update to 0.9.8o or 1.0.0a which contains a\r\npatch to correct this issue.\r\n\r\nThanks to Ronald Moesbergen for reporting this issue.\r\n\r\nInvalid Return value check in pkey_rsa_verifyrecover\r\n====================================================\r\n\r\nWhen verification recovery fails for RSA keys an uninitialised buffer with an\r\nundefined length is returned instead of an error code (CVE-2010-1633).\r\n\r\nThis bug is only present in OpenSSL 1.0.0 and only affects applications that\r\ncall the function EVP_PKEY_verify_recover(). As this function is not present\r\nin previous versions of OpenSSL and not used by OpenSSL internal code very few\r\napplications should be affected. The OpenSSL utility application \"pkeyutl\" does \r\nuse this function.\r\n\r\nAffected users should update to 1.0.0a which contains a patch to correct this\r\nbug.\r\n\r\nThanks to Peter-Michael Hager for reporting this issue.\r\n\r\n\r\nReferences\r\n===========\r\n\r\nURL for this Security Advisory:\r\nhttp://www.openssl.org/news/secadv_20100601.txt\r\n\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-19727", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:10:49", "description": "BUGTRAQ ID: 40502\r\nCVE ID: 
CVE-2010-0742\r\n\r\nOpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002\r\n\r\nOpenSSL\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406\u52a0\u5bc6\u6d88\u606f\u53e5\u6cd5\uff08CMS\uff09\u7ed3\u6784\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5305\u542b\u6709OriginatorInfo\u5143\u7d20\u7684\u7279\u5236CMS\u7ed3\u6784\u89e6\u53d1\u65e0\u6548\u5185\u5b58\u5730\u5740\u5199\u5165\u6216\u53cc\u91cd\u91ca\u653e\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nOpenSSL 1.0.0\r\nOpenSSL 0.9.8\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOpenSSL Project\r\n---------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.openssl.org/source/openssl-0.9.8o.tar.gz\r\nhttp://www.openssl.org/source/openssl-1.0.0a.tar.gz", "published": "2010-06-04T00:00:00", "type": "seebug", "title": "OpenSSL CMS\u7ed3\u6784\u5904\u7406\u5185\u5b58\u7834\u574f\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-0742"], "modified": "2010-06-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19735", "id": "SSV:19735", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:11:20", "description": "BUGTRAQ ID: 40503\r\nCVE ID: 
CVE-2010-1633\r\n\r\nOpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002\r\n\r\n\u5f53\u9a8c\u8bc1\u6062\u590d\u8fdb\u7a0b\u5931\u8d25\u7684\u60c5\u51b5\u4e0b\u6240\u8fd4\u56de\u7684\u662f\u672a\u521d\u59cb\u5316\u7684\u7f13\u51b2\u533a\u800c\u4e0d\u662f\u51fa\u9519\u4ee3\u7801\uff0c\u4f7f\u7528EVP_PKEY_verify_recover()\u51fd\u6570\u7684\u5e94\u7528\u53ef\u4ee5\u5229\u7528\u8fd9\u4e2a\u60c5\u51b5\u7ed5\u8fc7\u5bc6\u94a5\u9a8c\u8bc1\u83b7\u5f97\u975e\u6388\u6743\u8bbf\u95ee\u3002\n\nOpenSSL 1.0.0\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nOpenSSL Project\r\n---------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.openssl.org/source/openssl-1.0.0a.tar.gz", "published": "2010-06-04T00:00:00", "type": "seebug", "title": "OpenSSL EVP_PKEY_verify_recover()\u65e0\u6548\u8fd4\u56de\u503c\u7ed5\u8fc7\u5bc6\u94a5\u9a8c\u8bc1\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2010-1633"], "modified": "2010-06-04T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-19736", "id": "SSV:19736", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "cvelist": ["CVE-2009-4355"], "description": "It's possible to exploit memory leak to create denial of service conditions via resources exhaustion.", "edition": 1, "modified": "2010-01-17T00:00:00", "published": "2010-01-17T00:00:00", "id": "SECURITYVULNS:VULN:10519", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10519", "title": "OpenSSL memory leak", "type": 
"securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-4355"], "description": "===========================================================\r\nUbuntu Security Notice USN-884-1 January 14, 2010\r\nopenssl vulnerability\r\nCVE-2009-4355\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 6.06 LTS\r\nUbuntu 8.04 LTS\r\nUbuntu 8.10\r\nUbuntu 9.04\r\nUbuntu 9.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 6.06 LTS:\r\n libssl0.9.8 0.9.8a-7ubuntu0.11\r\n\r\nUbuntu 8.04 LTS:\r\n libssl0.9.8 0.9.8g-4ubuntu3.9\r\n\r\nUbuntu 8.10:\r\n libssl0.9.8 0.9.8g-10.1ubuntu2.6\r\n\r\nUbuntu 9.04:\r\n libssl0.9.8 0.9.8g-15ubuntu3.4\r\n\r\nUbuntu 9.10:\r\n libssl0.9.8 0.9.8g-16ubuntu3.1\r\n\r\nAfter a standard system upgrade you need to restart any applications\r\nusing OpenSSL, especially Apache, to effect the necessary changes.\r\n\r\nDetails follow:\r\n\r\nIt was discovered that OpenSSL did not correctly free unused memory in\r\ncertain situations. 
A remote attacker could trigger this flaw in services\r\nthat used SSL, causing the service to use all available system memory,\r\nleading to a denial of service.\r\n\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.11.diff.gz\r\n Size/MD5: 53583 078fd4b21d4cbe9cc56c6472efd2f82e\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.11.dsc\r\n Size/MD5: 863 1377338a9886d11c1c694b61fbef8c57\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a.orig.tar.gz\r\n Size/MD5: 3271435 1d16c727c10185e4d694f87f5e424ee1\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.11_amd64.udeb\r\n Size/MD5: 572058 fcca42eafc9db726ae0fed5446722d2a\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.11_amd64.deb\r\n Size/MD5: 2168230 838b7fdb5d3511b13cfddeff3b4cc012\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.11_amd64.deb\r\n Size/MD5: 1683044 224538a2aab035f0dca5d084dbf11f18\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.11_amd64.deb\r\n Size/MD5: 876766 fbf13b1530240b7f973c766c5d3f472f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.11_amd64.deb\r\n Size/MD5: 985572 86b5869ce64db3de5c8bfa940784e66e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.11_i386.udeb\r\n Size/MD5: 509642 9de0f0a418975f96c1d34e9e768602a7\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.11_i386.deb\r\n Size/MD5: 2025304 a0fd927eb2c5d1c7c1fa1d05fdb70844\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.11_i386.deb\r\n Size/MD5: 
5054086 6c7609da189fe87af592d9aee5810f8d\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.11_i386.deb\r\n Size/MD5: 2597912 2fa091d1d98a5619a87c82680fd41a63\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.11_i386.deb\r\n Size/MD5: 977384 2cb20009b29d555fa6a54bc9e0e840e3\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.11_powerpc.udeb\r\n Size/MD5: 557996 fc36889114e018166aea4a83c5326876\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.11_powerpc.deb\r\n Size/MD5: 2182878 23f4223f5b33dc2610249168c4e3ac8f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.11_powerpc.deb\r\n Size/MD5: 1728330 867d6abf0e1823facd5983c7e8663fe1\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.11_powerpc.deb\r\n Size/MD5: 862962 569703c074b5675fa75f47e377d77f4f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.11_powerpc.deb\r\n Size/MD5: 981478 d7e25315631c93459e87bf32ed1a80a7\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8a-7ubuntu0.11_sparc.udeb\r\n Size/MD5: 531120 c3c0edd3faeeefd715f1f7445de7bd75\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8a-7ubuntu0.11_sparc.deb\r\n Size/MD5: 2094062 0462ca729344b506ca47e7ee6a072a2a\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8a-7ubuntu0.11_sparc.deb\r\n Size/MD5: 3943146 4c63bdac42f197d7ba87ba08e41ce833\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8a-7ubuntu0.11_sparc.deb\r\n Size/MD5: 2093194 476064416774ebdffecb39bd14190904\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8a-7ubuntu0.11_sparc.deb\r\n Size/MD5: 989766 
519bc05f4350bc73c1b797ce992b774b\r\n\r\nUpdated packages for Ubuntu 8.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.9.diff.gz\r\n Size/MD5: 57624 3ce2a25565b28125fea2063d699fe4c2\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.9.dsc\r\n Size/MD5: 959 9fdd11a0ede708d6f6eb46789d18a332\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz\r\n Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-4ubuntu3.9_all.deb\r\n Size/MD5: 629818 fd45ce5337737db58f5bd4b6f4d49c34\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.9_amd64.udeb\r\n Size/MD5: 604116 5e5a065259450d657bbd731c2a5c4cf7\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.9_amd64.deb\r\n Size/MD5: 2065026 477ee0c685fda01af69f3e2498879d1a\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.9_amd64.deb\r\n Size/MD5: 1605842 39246a5e5e44805ac41ff1c83f4303a2\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.9_amd64.deb\r\n Size/MD5: 932704 8ae7ff1f67de0352ca5e893a2b7cc478\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.9_amd64.deb\r\n Size/MD5: 390608 199fe49d3b7760a93c0b761b98243f9c\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.9_i386.udeb\r\n Size/MD5: 564900 9a7233abd4c8ac802a59a27593f09157\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.9_i386.deb\r\n Size/MD5: 1942036 cde5d59342272592a73cbb510b26099d\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.9_i386.deb\r\n Size/MD5: 5343388 22664b439f9343bfba1a50b99b183506\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.9_i386.deb\r\n Size/MD5: 2830730 6ef48a0ee7f2aa250d83f7c8967fdffa\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.9_i386.deb\r\n Size/MD5: 385414 617966792c3dd9b1413d8bccad81b007\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.9_lpia.udeb\r\n Size/MD5: 535576 4561b9d21de36010f2c1cc7174939ddb\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.9_lpia.deb\r\n Size/MD5: 1922840 8526a8c26a0756e5d4c07150c060153a\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.9_lpia.deb\r\n Size/MD5: 1513848 2da4b2c36123a473383c961d35aaea66\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.9_lpia.deb\r\n Size/MD5: 844172 608523703aa6afd0ca17bffac3bac2c0\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.9_lpia.deb\r\n Size/MD5: 390036 07f80e60472c4d8f5b35737df7ff11d1\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.9_powerpc.udeb\r\n Size/MD5: 610448 5aa07b6da99bd426e590921ec95a6d7d\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.9_powerpc.deb\r\n Size/MD5: 2078316 1a363e766a017670bad1a9ef55d0da96\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.9_powerpc.deb\r\n Size/MD5: 1640942 35709bb218c55ef3dd84673249b28df6\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.9_powerpc.deb\r\n Size/MD5: 946004 435032eb95cae3cc024bfb0435ac7e2b\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.9_powerpc.deb\r\n Size/MD5: 399190 
3b92e622203b4afb56a4a0f39f36c76a\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-4ubuntu3.9_sparc.udeb\r\n Size/MD5: 559830 91f9f930a688eb8074f674008bdcbc4b\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-4ubuntu3.9_sparc.deb\r\n Size/MD5: 1985116 25b894ef012cc97033ea2b22b325f8bf\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-4ubuntu3.9_sparc.deb\r\n Size/MD5: 3875276 8a4cc3d59260de6d0abc0c04ec4694e7\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-4ubuntu3.9_sparc.deb\r\n Size/MD5: 2243138 dc45192a9eb556a4068f4bcd358495f1\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-4ubuntu3.9_sparc.deb\r\n Size/MD5: 397834 25447db31c0698eefd384f59c629ed9e\r\n\r\nUpdated packages for Ubuntu 8.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.6.diff.gz\r\n Size/MD5: 59597 4cf453be12cd9a37ce9adcd59b736c12\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.6.dsc\r\n Size/MD5: 1373 2eeed217c3f62603366134442a772de5\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz\r\n Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-10.1ubuntu2.6_all.deb\r\n Size/MD5: 629518 f4737a13eb762e407f5a85bcdea9ea2b\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.6_amd64.udeb\r\n Size/MD5: 622272 829fb113bf48efa8e5889f353ada7d86\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.6_amd64.deb\r\n Size/MD5: 2109964 e3d56926f75fd157aa7911becbab2d3d\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.6_amd64.deb\r\n Size/MD5: 1685630 c7d7cce672ee8750529545161425cfbb\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.6_amd64.deb\r\n Size/MD5: 959000 b5a02710c552181bcf4414c9994b5d07\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.6_amd64.deb\r\n Size/MD5: 404002 fdf80c8f9e3937fc946ebc293a7af0dc\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.6_i386.udeb\r\n Size/MD5: 578804 7e6fd857da61a516147ca14312eebbc4\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.6_i386.deb\r\n Size/MD5: 1980760 433b2b612143a13dd6bc9eaa5bc57dd8\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.6_i386.deb\r\n Size/MD5: 5606470 bf696a0d7d95317126cf60ca89c8699f\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.6_i386.deb\r\n Size/MD5: 2921362 6f5c84d1bb8ff9828866b88590049c64\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.6_i386.deb\r\n Size/MD5: 398634 a861e5f9152c4b8b073af7e3cea32bfa\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.6_lpia.udeb\r\n Size/MD5: 547482 bea50d80146eab69f07707234187d07c\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.6_lpia.deb\r\n Size/MD5: 1958290 5bbfb95cbe98cf27779dddabedcbdbff\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.6_lpia.deb\r\n Size/MD5: 1580416 5dcc62eeb3e2e25bd60931dbbfb5cb35\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.6_lpia.deb\r\n Size/MD5: 863696 54b56d16a90677bee6100a60f4eb7a64\r\n 
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.6_lpia.deb\r\n Size/MD5: 400630 eefe5c10cc2a040fb18e0f31fb9134b0\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.6_powerpc.udeb\r\n Size/MD5: 623250 f51af07c00285e307baa1042d5d2e36d\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.6_powerpc.deb\r\n Size/MD5: 2120464 4e799bffd24bb693c13f47567f81aa1e\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.6_powerpc.deb\r\n Size/MD5: 1705308 a2a097971182affc1df807242e2d55d5\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.6_powerpc.deb\r\n Size/MD5: 965578 70be3d9f39fb85968890b50ed568961d\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.6_powerpc.deb\r\n Size/MD5: 402652 69edb8efb8324ddd4769cb04c1faf7ab\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-10.1ubuntu2.6_sparc.udeb\r\n Size/MD5: 567678 27d5beebddabe79f9ee586490fa39628\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-10.1ubuntu2.6_sparc.deb\r\n Size/MD5: 2013850 bad8c224bc9326c320f3c6a70ae961a7\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-10.1ubuntu2.6_sparc.deb\r\n Size/MD5: 4038778 2e767a15210f3a158c3a6111ff85af51\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-10.1ubuntu2.6_sparc.deb\r\n Size/MD5: 2285930 c92a8f07fbabcd218e74186063d525d3\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-10.1ubuntu2.6_sparc.deb\r\n Size/MD5: 406758 b72a20b0ff8524f18ec55933ae3d2723\r\n\r\nUpdated packages for Ubuntu 9.04:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.4.diff.gz\r\n Size/MD5: 61966 b202f11e66751a6d74cd9cbd2c423026\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.4.dsc\r\n Size/MD5: 1476 ea957c9f96643444437a3f96de6ba250\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz\r\n Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-15ubuntu3.4_all.deb\r\n Size/MD5: 630404 f57619daf5fe28633018bb990289a2a4\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.4_amd64.udeb\r\n Size/MD5: 622016 4968392acf782b84df90c925058b4556\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.4_amd64.deb\r\n Size/MD5: 2101208 0f4a4eefebeefda26cc41d9fd0cb77d2\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.4_amd64.deb\r\n Size/MD5: 1686434 d22aafbe4532db12a73c5cdf0082aa5b\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.4_amd64.deb\r\n Size/MD5: 960980 4f2126304d9539258f5466e840939c17\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.4_amd64.deb\r\n Size/MD5: 402132 a5c27b0c214664e666d0b9e87f5e11bb\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.4_i386.udeb\r\n Size/MD5: 578858 ae7901891441e9387531f212fd181feb\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.4_i386.deb\r\n Size/MD5: 1972796 4b5befbd3a4f387ec10b9b02d145692e\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.4_i386.deb\r\n Size/MD5: 5606770 bdb9a9ba35db89361caec17b0295234b\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.4_i386.deb\r\n Size/MD5: 2924250 9f59e0af697ad603f0b5523a358bd2ee\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.4_i386.deb\r\n Size/MD5: 397830 be6e595954d6e958e5647749a4508b65\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.4_lpia.udeb\r\n Size/MD5: 547460 4a85bfb1089fdf9029aefcdd887cfdaf\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.4_lpia.deb\r\n Size/MD5: 1949972 b17b67b6f3384b6cd813939703fa294f\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.4_lpia.deb\r\n Size/MD5: 1581388 667d2f135f810a1c7957b0646f2597c9\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.4_lpia.deb\r\n Size/MD5: 865782 a68d7c72469682913d960fdca329cf3e\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.4_lpia.deb\r\n Size/MD5: 399370 81cb0bcd6040bccf98204cd4951e80c2\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.4_powerpc.udeb\r\n Size/MD5: 623270 29cd5febf24a3d3b7d6e194ab03d30a3\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.4_powerpc.deb\r\n Size/MD5: 2112392 fe35372e842403f73fface06cb6b81cf\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.4_powerpc.deb\r\n Size/MD5: 1706036 3c60700323017d99f040f2c08cafab36\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.4_powerpc.deb\r\n Size/MD5: 967820 4a1eeaabf310d820930b017eeed0967c\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.4_powerpc.deb\r\n Size/MD5: 401218 0c274b4836ce6b2f184877c333349c31\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15ubuntu3.4_sparc.udeb\r\n Size/MD5: 567626 409bf151f19abc289cb87a32c8330623\r\n 
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-15ubuntu3.4_sparc.deb\r\n Size/MD5: 2005764 83932c4fe5e3e6067e53987612a58fab\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15ubuntu3.4_sparc.deb\r\n Size/MD5: 4039666 f57b1708821b81b0386f5bb94dc5bbd2\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-15ubuntu3.4_sparc.deb\r\n Size/MD5: 2287248 cdec5a2b105083e3c112051735e17dd1\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-15ubuntu3.4_sparc.deb\r\n Size/MD5: 405470 f43afd307821ae2023841ed0df9d48d1\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.1.diff.gz\r\n Size/MD5: 62124 0ccaf31bb466d39abcc0c0b0a3f233e8\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.1.dsc\r\n Size/MD5: 1476 1e2262fb468c9efb42a036e3f8a3c890\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g.orig.tar.gz\r\n Size/MD5: 3354792 acf70a16359bf3658bdfb74bda1c4419\r\n\r\n Architecture independent packages:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8g-16ubuntu3.1_all.deb\r\n Size/MD5: 630550 5da8184611f9bddbce67d843f48757b7\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.1_amd64.udeb\r\n Size/MD5: 628102 dbfce0d70116d0d736281044444d4bf8\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.1_amd64.deb\r\n Size/MD5: 2114152 bd9df215c27087b00bfcf5fc0a5951e5\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.1_amd64.deb\r\n Size/MD5: 1635946 110e0bc281c87b58ac3179485b3ce80b\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.1_amd64.deb\r\n Size/MD5: 964948 d42feb0d19b2aaee451de7ae7d11f7dc\r\n 
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.1_amd64.deb\r\n Size/MD5: 402344 14d636c618b04f6e3f3aeba1858e881a\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.1_i386.udeb\r\n Size/MD5: 571400 0189ac36af72febca731b8b520ca44d0\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.1_i386.deb\r\n Size/MD5: 1970330 ab13b28f7ab9ac4ce3e1d16568b43e50\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.1_i386.deb\r\n Size/MD5: 5607170 14233856cc77c65214afbf4b8a425516\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.1_i386.deb\r\n Size/MD5: 2913846 ca6d1efb2712b0e207493491897beab1\r\n http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.1_i386.deb\r\n Size/MD5: 397684 23dddcc16d016187d17e9fc0bb2ac5bc\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.1_lpia.udeb\r\n Size/MD5: 547622 9193d051f48255733a877126dbb872c8\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.1_lpia.deb\r\n Size/MD5: 1953268 8d1b60d97c819ceebde1b5aa581c8233\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.1_lpia.deb\r\n Size/MD5: 1583562 d82c42deadff8280be469cb60e1a277e\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.1_lpia.deb\r\n Size/MD5: 866380 1978474a522dcfe1a00b0572a0264c07\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.1_lpia.deb\r\n Size/MD5: 399642 6fae9c8dcacaa9cfec6b12002af73e6b\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.1_powerpc.udeb\r\n Size/MD5: 619002 c7cb046505e97c4749c84d80bc208240\r\n 
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.1_powerpc.deb\r\n Size/MD5: 2111024 bf512750a558622c0939d3e673f2958b\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.1_powerpc.deb\r\n Size/MD5: 1690978 723981c075fecc6793af54b7fab95697\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.1_powerpc.deb\r\n Size/MD5: 948616 ba268888547761cae6dbb1d29819821c\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.1_powerpc.deb\r\n Size/MD5: 399236 a6ee992fd63e9f5ae45c8361b6d0377b\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-16ubuntu3.1_sparc.udeb\r\n Size/MD5: 563678 8352657d40a0d8928da76c9b9a2179f9\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8g-16ubuntu3.1_sparc.deb\r\n Size/MD5: 2004048 d7aaac9224f49d0c53622a13c808ce08\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8g-16ubuntu3.1_sparc.deb\r\n Size/MD5: 3974302 fe60a67af133c8001cc89fe803de0271\r\n http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8g-16ubuntu3.1_sparc.deb\r\n Size/MD5: 2275584 a8c6b6253b311c44a7ab51810be70683\r\n http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8g-16ubuntu3.1_sparc.deb\r\n Size/MD5: 409140 a7714f98616706bc91d15234f54a73cb\r\n", "edition": 1, "modified": "2010-01-17T00:00:00", "published": "2010-01-17T00:00:00", "id": "SECURITYVULNS:DOC:23048", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23048", "title": "[USN-884-1] OpenSSL vulnerability", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c02171256\r\nVersion: 1\r\n\r\nHPSBMA02534 SSRT090180 
rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification,\r\nDenial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible.\r\n\r\nRelease Date: 2010-05-17\r\nLast Updated: 2010-05-17\r\n\r\nPotential Security Impact: Remote unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. These vulnerabilities could be exploited\r\nremotely to allow unauthorized information disclosure, unauthorized data modification, Denial of Service (DoS)\r\n\r\nReferences: CVE-2009-3555\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\n\r\nHP System Management Homepage for Windows all versions prior to 6.1\r\nHP System Management Homepage for Linux (x86) all versions prior to 6.1\r\nHP System Management Homepage for Linux (AMD64/EM64T) all versions prior to 6.1\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided the following software updates to resolve the vulnerabilities.\r\n\r\nHP System Management Homepage for Windows v6.1.0.102 (or subsequent)\r\n\r\nHP System Management Homepage for Linux (x86) v6.1.0-103 (or subsequent)\r\n\r\nHP System Management Homepage for Linux (AMD64/EM64T) v6.1.0-103 (or subsequent)\r\n\r\nDownloads are available from the following locations:\r\n\r\nHP System Management Homepage v6.1.0.102 for Windows can be 
downloaded from\r\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-1b189d95582249b58d9ca94c45\r\n\r\nHP System Management Homepage for Linux (x86), v6.1.0-103 for Linux X86 OS can be downloaded from\r\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-4311cc1b61fd42a4874b13d714\r\n\r\nHP System Management Homepage for Linux (AMD64/EM64T), v6.1.0-103 for Linux 64-bit OS can be downloaded from\r\nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-6a3f2fa832db4ddf9b3398f04c\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\nNone\r\n\r\nHISTORY\r\nVersion:1 (rev.1) - 17 May 2010 Initial Release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the\r\ncustomer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in 
on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of\r\nsoftware products to provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained\r\nin this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not\r\nwarrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from\r\nuser's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including\r\nthe warranties of merchantability and fitness for a particular purpose, title and non-infringement."\r\n\r\nCopyright 2009 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. 
The information provided is provided "as is" without\r\nwarranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential\r\ndamages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software\r\nrestoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein\r\nare trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their\r\nrespective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAkvxXlUACgkQ4B86/C0qfVnKZgCgog6G7LtDW9sT9xWkQ/ZKh63K\r\nkzQAoIsnJB8qTVzk1BtpDhpFShAxQQqF\r\n=Gnhw\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-05-20T00:00:00", "published": "2010-05-20T00:00:00", "id": "SECURITYVULNS:DOC:23890", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23890", "title": "[security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS)", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:337\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : proftpd\r\n Date : December 22, 2009\r\n Affected: 2008.0, 2009.0, 2009.1, 
2010.0, Corporate 4.0,\r\n Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been identified and corrected in proftpd:\r\n \r\n The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as\r\n used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl\r\n in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,\r\n GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)\r\n 3.12.4 and earlier, and other products, does not properly associate\r\n renegotiation handshakes with an existing connection, which allows\r\n man-in-the-middle attackers to insert data into HTTPS sessions,\r\n and possibly other types of sessions protected by TLS or SSL, by\r\n sending an unauthenticated request that is processed retroactively\r\n by a server in a post-renegotiation context, related to a plaintext\r\n injection attack, aka the Project Mogul issue (CVE-2009-3555).\r\n \r\n Packages for 2008.0 are provided for Corporate Desktop 2008.0\r\n customers.\r\n \r\n This update fixes this vulnerability.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n http://bugs.proftpd.org/show_bug.cgi?id=3324\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n b9b190ac1eb5d3729025435fe27d2410 2008.0/i586/proftpd-1.3.2-0.3mdv2008.0.i586.rpm\r\n 352ed8620a05f7d9a3f9852bc726775c 2008.0/i586/proftpd-devel-1.3.2-0.3mdv2008.0.i586.rpm\r\n 3c4accef7143329906820bcce43e810b \r\n2008.0/i586/proftpd-mod_autohost-1.3.2-0.3mdv2008.0.i586.rpm\r\n 57b921e47c6820412923161d751cc741 2008.0/i586/proftpd-mod_ban-1.3.2-0.3mdv2008.0.i586.rpm\r\n 08df98fb4b0d4170586384e439020ac9 2008.0/i586/proftpd-mod_case-1.3.2-0.3mdv2008.0.i586.rpm\r\n de51d0e68218af3f126d7d055850745c 
\r\n2008.0/i586/proftpd-mod_ctrls_admin-1.3.2-0.3mdv2008.0.i586.rpm\r\n ee8343e5f45fb2a23f4f5663cad92910 2008.0/i586/proftpd-mod_gss-1.3.2-0.3mdv2008.0.i586.rpm\r\n 4174e8c0359e5e73d74468f59c2a2a8f \r\n2008.0/i586/proftpd-mod_ifsession-1.3.2-0.3mdv2008.0.i586.rpm\r\n 8700c37c4ccb147146018adb54b868dc 2008.0/i586/proftpd-mod_ldap-1.3.2-0.3mdv2008.0.i586.rpm\r\n a8d526ad49bd15d3daa4deb0f7a4daa4 2008.0/i586/proftpd-mod_load-1.3.2-0.3mdv2008.0.i586.rpm\r\n 3e469f53af8eb3124a26ed1624020683 \r\n2008.0/i586/proftpd-mod_quotatab-1.3.2-0.3mdv2008.0.i586.rpm\r\n 0e86455066c3b477f141ede0910fc955 \r\n2008.0/i586/proftpd-mod_quotatab_file-1.3.2-0.3mdv2008.0.i586.rpm\r\n 56a7876b1176fb921f617ef266eb65f8 \r\n2008.0/i586/proftpd-mod_quotatab_ldap-1.3.2-0.3mdv2008.0.i586.rpm\r\n 41603859dbd0665a55d608fcff538b88 \r\n2008.0/i586/proftpd-mod_quotatab_radius-1.3.2-0.3mdv2008.0.i586.rpm\r\n fe63333e393a45732ccaedb635a16d41 \r\n2008.0/i586/proftpd-mod_quotatab_sql-1.3.2-0.3mdv2008.0.i586.rpm\r\n 26e9ad76b1c22212e260ccf336246b21 2008.0/i586/proftpd-mod_radius-1.3.2-0.3mdv2008.0.i586.rpm\r\n bc3f19ec11fd18073c246c0bfeb4bbd9 2008.0/i586/proftpd-mod_ratio-1.3.2-0.3mdv2008.0.i586.rpm\r\n 66c70743a6030991c75875c42fd9b245 \r\n2008.0/i586/proftpd-mod_rewrite-1.3.2-0.3mdv2008.0.i586.rpm\r\n 14a6cfaafd1a81719681ae5fd549226c 2008.0/i586/proftpd-mod_shaper-1.3.2-0.3mdv2008.0.i586.rpm\r\n 29ad593a905c1d4087f63bd98f755b75 \r\n2008.0/i586/proftpd-mod_site_misc-1.3.2-0.3mdv2008.0.i586.rpm\r\n b576a439128814e65018d37307ef89f2 2008.0/i586/proftpd-mod_sql-1.3.2-0.3mdv2008.0.i586.rpm\r\n 071b2bf259a4e6dae750e3d90231f3cc \r\n2008.0/i586/proftpd-mod_sql_mysql-1.3.2-0.3mdv2008.0.i586.rpm\r\n 716e28933156a0b68f9e6562e34286d8 \r\n2008.0/i586/proftpd-mod_sql_postgres-1.3.2-0.3mdv2008.0.i586.rpm\r\n b49c1e1395dea07f57501bb08d918c78 2008.0/i586/proftpd-mod_time-1.3.2-0.3mdv2008.0.i586.rpm\r\n 2fb275d3838849f732956a83c60551db 2008.0/i586/proftpd-mod_tls-1.3.2-0.3mdv2008.0.i586.rpm\r\n 870b85dc26c78344681b862421148bac 
2008.0/i586/proftpd-mod_wrap-1.3.2-0.3mdv2008.0.i586.rpm\r\n 107bd74f488b08b637a7626bc5176f0d \r\n2008.0/i586/proftpd-mod_wrap_file-1.3.2-0.3mdv2008.0.i586.rpm\r\n 52536c6f73adfe3ff7a454491da5a403 \r\n2008.0/i586/proftpd-mod_wrap_sql-1.3.2-0.3mdv2008.0.i586.rpm \r\n deb5bda5904c3327f58415a0b558b2e8 2008.0/SRPMS/proftpd-1.3.2-0.3mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 039d35ee6d603e50c414e2bf06c6d043 2008.0/x86_64/proftpd-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 2a47940a552d57d042943ebe4ab5d85c 2008.0/x86_64/proftpd-devel-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n cb2696e6ef979113fde7a7e85efcb21d \r\n2008.0/x86_64/proftpd-mod_autohost-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n f4d9804686013d384ac0e48b386bfc94 \r\n2008.0/x86_64/proftpd-mod_ban-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 3d33970457a83ef89314b49d643de4ff \r\n2008.0/x86_64/proftpd-mod_case-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 70c3fed5e0a9b511b9f17482ccaef698 \r\n2008.0/x86_64/proftpd-mod_ctrls_admin-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 135b4a1342ee812e97cdf4c0bbc0a118 \r\n2008.0/x86_64/proftpd-mod_gss-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 4ba3ec21951d95441e18fc9e01129f49 \r\n2008.0/x86_64/proftpd-mod_ifsession-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 26c48c47f334a8c52a571a53cd8d7fea \r\n2008.0/x86_64/proftpd-mod_ldap-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n b731b39eb4bfc5b96dd6e12a3c467538 \r\n2008.0/x86_64/proftpd-mod_load-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n ad8fe669dd5523e17b37767d3825c3be \r\n2008.0/x86_64/proftpd-mod_quotatab-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n c98d4366009169721957330419d025a0 \r\n2008.0/x86_64/proftpd-mod_quotatab_file-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 4f0c56c9fed804da72ee8fe018be572c \r\n2008.0/x86_64/proftpd-mod_quotatab_ldap-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 073c3f255943d70abba3b27f8a9f75a8 \r\n2008.0/x86_64/proftpd-mod_quotatab_radius-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n a9b1db55bd35e56346c6f304c05af434 \r\n2008.0/x86_64/proftpd-mod_quotatab_sql-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 03bc39eaeeffdb0ba04cfbc029436b29 
\r\n2008.0/x86_64/proftpd-mod_radius-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n c907cecfb4869f999ee907935d0c407d \r\n2008.0/x86_64/proftpd-mod_ratio-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n dcb80800ca5dc45b4ebd1115e066e013 \r\n2008.0/x86_64/proftpd-mod_rewrite-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n f5f8c1acd6f816e4819c9a3b42ff5f02 \r\n2008.0/x86_64/proftpd-mod_shaper-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n d440490fcb18fb896fa413a5f636f18f \r\n2008.0/x86_64/proftpd-mod_site_misc-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 374c1399914e5603a2063d14041ddedd \r\n2008.0/x86_64/proftpd-mod_sql-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n ca3590fbd8cf2bb0664a2d9b0bd562e2 \r\n2008.0/x86_64/proftpd-mod_sql_mysql-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 074923354e42ee9d283e0c9a5e176454 \r\n2008.0/x86_64/proftpd-mod_sql_postgres-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n e4e79a6a2d36c074a779939fd3fb83f3 \r\n2008.0/x86_64/proftpd-mod_time-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 3cbcceedb040f65faeda847cd213d195 \r\n2008.0/x86_64/proftpd-mod_tls-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n f8caf4531b109e46c31fce0796186666 \r\n2008.0/x86_64/proftpd-mod_wrap-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n c607bac7c7a2b9ad6b45330c508f5856 \r\n2008.0/x86_64/proftpd-mod_wrap_file-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 4108dbac0af91704eceaa8e761341c0c \r\n2008.0/x86_64/proftpd-mod_wrap_sql-1.3.2-0.3mdv2008.0.x86_64.rpm \r\n deb5bda5904c3327f58415a0b558b2e8 2008.0/SRPMS/proftpd-1.3.2-0.3mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n c4aac925334b9878eee72407eb1610f1 2009.0/i586/proftpd-1.3.2-0.4mdv2009.0.i586.rpm\r\n a3cc261ee3e0901e05f0af9dfb783d55 2009.0/i586/proftpd-devel-1.3.2-0.4mdv2009.0.i586.rpm\r\n 74947602df92c342947f2fcac9a6a7fe \r\n2009.0/i586/proftpd-mod_autohost-1.3.2-0.4mdv2009.0.i586.rpm\r\n 3f3ae650cfd8b71ae81d8581fedb8e20 2009.0/i586/proftpd-mod_ban-1.3.2-0.4mdv2009.0.i586.rpm\r\n f5e081ecb50f488bee860b412da94c0c 2009.0/i586/proftpd-mod_case-1.3.2-0.4mdv2009.0.i586.rpm\r\n 8a2680e4f72a03822c0281b6210cbef2 
\r\n2009.0/i586/proftpd-mod_ctrls_admin-1.3.2-0.4mdv2009.0.i586.rpm\r\n 823e6910a8cf0665d9b980d25b5f751f 2009.0/i586/proftpd-mod_gss-1.3.2-0.4mdv2009.0.i586.rpm\r\n 0d671b7756282ee7d9f903a49b636a20 \r\n2009.0/i586/proftpd-mod_ifsession-1.3.2-0.4mdv2009.0.i586.rpm\r\n ead6fa38c3303893513ce800f32b0c39 2009.0/i586/proftpd-mod_ldap-1.3.2-0.4mdv2009.0.i586.rpm\r\n 912aa200d61549daaa207f3b671c7773 2009.0/i586/proftpd-mod_load-1.3.2-0.4mdv2009.0.i586.rpm\r\n 3c027a9b592e825283c2cd4d6d3e6b73 \r\n2009.0/i586/proftpd-mod_quotatab-1.3.2-0.4mdv2009.0.i586.rpm\r\n 768572c3b38f4e2835e682d2ba4e3aea \r\n2009.0/i586/proftpd-mod_quotatab_file-1.3.2-0.4mdv2009.0.i586.rpm\r\n e5e9aa5d3fc64a7b733635e226217e88 \r\n2009.0/i586/proftpd-mod_quotatab_ldap-1.3.2-0.4mdv2009.0.i586.rpm\r\n d661c9bf296bf4c1ddaf7bd2a1241b3b \r\n2009.0/i586/proftpd-mod_quotatab_radius-1.3.2-0.4mdv2009.0.i586.rpm\r\n 7ee532156a9252e2a220836b0c3310b7 \r\n2009.0/i586/proftpd-mod_quotatab_sql-1.3.2-0.4mdv2009.0.i586.rpm\r\n 52d487b8988ed2fb0e1e1b8ac89ab95b 2009.0/i586/proftpd-mod_radius-1.3.2-0.4mdv2009.0.i586.rpm\r\n f9ed07158e135f00f4e6f5d188d5e5be 2009.0/i586/proftpd-mod_ratio-1.3.2-0.4mdv2009.0.i586.rpm\r\n 4a74cfccca104759f6803314d0637ff6 \r\n2009.0/i586/proftpd-mod_rewrite-1.3.2-0.4mdv2009.0.i586.rpm\r\n 54a1784bff0d683f2580e7d8efa2d364 2009.0/i586/proftpd-mod_shaper-1.3.2-0.4mdv2009.0.i586.rpm\r\n cc3487f5a092bdbd4c9017c154173442 \r\n2009.0/i586/proftpd-mod_site_misc-1.3.2-0.4mdv2009.0.i586.rpm\r\n 2ec9fd660ac78f978ec50338bd456318 2009.0/i586/proftpd-mod_sql-1.3.2-0.4mdv2009.0.i586.rpm\r\n 85718af247aec353b6df2b9bbfbeb26e \r\n2009.0/i586/proftpd-mod_sql_mysql-1.3.2-0.4mdv2009.0.i586.rpm\r\n 65ebb5ae1dd0fe2bf6e071710b315a30 \r\n2009.0/i586/proftpd-mod_sql_postgres-1.3.2-0.4mdv2009.0.i586.rpm\r\n 8d3b2b44fc29d56ee242f51ac93dc213 2009.0/i586/proftpd-mod_time-1.3.2-0.4mdv2009.0.i586.rpm\r\n 501b5b2c6059faac9683694c3384178c 2009.0/i586/proftpd-mod_tls-1.3.2-0.4mdv2009.0.i586.rpm\r\n d6c97e71ff49a2b7dd929aadaf3466e5 
2009.0/i586/proftpd-mod_vroot-1.3.2-0.4mdv2009.0.i586.rpm\r\n 3ef668192f5eb8cc70f73fd57201ad2c 2009.0/i586/proftpd-mod_wrap-1.3.2-0.4mdv2009.0.i586.rpm\r\n c0ad3e7895969c4916f28dc7a3608ef6 \r\n2009.0/i586/proftpd-mod_wrap_file-1.3.2-0.4mdv2009.0.i586.rpm\r\n 6f1e9dadb14097d8bfeb7d14792c0479 \r\n2009.0/i586/proftpd-mod_wrap_sql-1.3.2-0.4mdv2009.0.i586.rpm \r\n 0f6e22b3adcf88267b8fbf15668afa0d 2009.0/SRPMS/proftpd-1.3.2-0.4mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n c9b4d50d5a3ff5c013a70785fb4258d2 2009.0/x86_64/proftpd-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 3584b5ab5c8728eb27a836892e7ea0af 2009.0/x86_64/proftpd-devel-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 74067ff8d5530b1b2c5e69baf2be5375 \r\n2009.0/x86_64/proftpd-mod_autohost-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 4c7fd07706e6ab6ad7b54d81789fb6e1 \r\n2009.0/x86_64/proftpd-mod_ban-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 020fbc17086a7642aaa84f9657112c4e \r\n2009.0/x86_64/proftpd-mod_case-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 37b4bdec8986a9d8af210e06099994fc \r\n2009.0/x86_64/proftpd-mod_ctrls_admin-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n eefd827450b1f3af88337f5c08c1f6ed \r\n2009.0/x86_64/proftpd-mod_gss-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n b39db476e2ecd6c5fa603798d4aabccb \r\n2009.0/x86_64/proftpd-mod_ifsession-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 46523c1f5436831af6c037f008f5ba72 \r\n2009.0/x86_64/proftpd-mod_ldap-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 40330e9dfdc9b2e773e7353cb2e2f36f \r\n2009.0/x86_64/proftpd-mod_load-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 42ce8fb4c386c73333f2001d1b1ab4c1 \r\n2009.0/x86_64/proftpd-mod_quotatab-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n fd0dd14ae0041bc910f66d93480f8060 \r\n2009.0/x86_64/proftpd-mod_quotatab_file-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 9ba237bcd93e6aa97f55473b0d9ffc78 \r\n2009.0/x86_64/proftpd-mod_quotatab_ldap-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 9d4b084261a47bc27d51ac4457be39cd \r\n2009.0/x86_64/proftpd-mod_quotatab_radius-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n ba1cc158630d79ea09c3ee1398015957 
\r\n2009.0/x86_64/proftpd-mod_quotatab_sql-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 71cf8f4cb0bb8494acdfb232525a3f8e \r\n2009.0/x86_64/proftpd-mod_radius-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 2ca1189c3e366445ae3d5fe2763c0ca1 \r\n2009.0/x86_64/proftpd-mod_ratio-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 3db0175d5fbe98e67abe906f6c2fb607 \r\n2009.0/x86_64/proftpd-mod_rewrite-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 499aa6ad8fcf46c343bd9f20e102e47b \r\n2009.0/x86_64/proftpd-mod_shaper-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 4e1fb4f9fea8e037076ce3b95af0a920 \r\n2009.0/x86_64/proftpd-mod_site_misc-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 5b99600fa7545b5823f0fa0ddb7a38c5 \r\n2009.0/x86_64/proftpd-mod_sql-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 80ee086eac0082c0dda122535d72db1d \r\n2009.0/x86_64/proftpd-mod_sql_mysql-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 328de69a89a3f77ac02bc6be05a776a1 \r\n2009.0/x86_64/proftpd-mod_sql_postgres-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 4105f8f544588f6b13a70aad0e6f444c \r\n2009.0/x86_64/proftpd-mod_time-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n b9db4c4adc4c3054b37235f5ed7795d7 \r\n2009.0/x86_64/proftpd-mod_tls-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 62a356a3a857809a1a376dd07ff353d2 \r\n2009.0/x86_64/proftpd-mod_vroot-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 0c4cc4ad51deef7f83bace6cef2185bb \r\n2009.0/x86_64/proftpd-mod_wrap-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 6699773ed14dc1c92fc57f2db8102f9b \r\n2009.0/x86_64/proftpd-mod_wrap_file-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 2e297598198d71f64e81c8a658c989e1 \r\n2009.0/x86_64/proftpd-mod_wrap_sql-1.3.2-0.4mdv2009.0.x86_64.rpm \r\n 0f6e22b3adcf88267b8fbf15668afa0d 2009.0/SRPMS/proftpd-1.3.2-0.4mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n aed71239960bf7aba5f7e757cd19debf 2009.1/i586/proftpd-1.3.2-4.3mdv2009.1.i586.rpm\r\n d49f746c3afc297f28b14f3e0648c257 2009.1/i586/proftpd-devel-1.3.2-4.3mdv2009.1.i586.rpm\r\n 4d9b09d69a738fcbc889ba543ca88e34 \r\n2009.1/i586/proftpd-mod_autohost-1.3.2-4.3mdv2009.1.i586.rpm\r\n b8ef88b8ee4a385fbce227cce1fe3b5c 
2009.1/i586/proftpd-mod_ban-1.3.2-4.3mdv2009.1.i586.rpm\r\n 86f0568b160f984cb5da088196079cb4 2009.1/i586/proftpd-mod_case-1.3.2-4.3mdv2009.1.i586.rpm\r\n 4f90e334ee571f25a7dd310cb4c9b0a6 \r\n2009.1/i586/proftpd-mod_ctrls_admin-1.3.2-4.3mdv2009.1.i586.rpm\r\n a5734ea5aa1b96c8f8245810ac837d94 2009.1/i586/proftpd-mod_gss-1.3.2-4.3mdv2009.1.i586.rpm\r\n a8908a6f38c06080079f21616260b5b2 \r\n2009.1/i586/proftpd-mod_ifsession-1.3.2-4.3mdv2009.1.i586.rpm\r\n c88b0e334beb4fb0dd13861cc58f3c0a 2009.1/i586/proftpd-mod_ldap-1.3.2-4.3mdv2009.1.i586.rpm\r\n a7687eb04f0c0bb2c3cccd7e87047b38 2009.1/i586/proftpd-mod_load-1.3.2-4.3mdv2009.1.i586.rpm\r\n 94167be7342868855c34e8a733d6179c \r\n2009.1/i586/proftpd-mod_quotatab-1.3.2-4.3mdv2009.1.i586.rpm\r\n 3d4483dd721b1531443c628bcb51bb87 \r\n2009.1/i586/proftpd-mod_quotatab_file-1.3.2-4.3mdv2009.1.i586.rpm\r\n 5def57fd05b0b6d264c0ff06be3c452e \r\n2009.1/i586/proftpd-mod_quotatab_ldap-1.3.2-4.3mdv2009.1.i586.rpm\r\n be1a11751a260b9485706d025f7b790a \r\n2009.1/i586/proftpd-mod_quotatab_radius-1.3.2-4.3mdv2009.1.i586.rpm\r\n 6bccd6b2703e063a1f868c281af2fb14 \r\n2009.1/i586/proftpd-mod_quotatab_sql-1.3.2-4.3mdv2009.1.i586.rpm\r\n caf0a181179c7e7b0df438145993c260 2009.1/i586/proftpd-mod_radius-1.3.2-4.3mdv2009.1.i586.rpm\r\n 4bfc301f665459020fd01d241418da10 2009.1/i586/proftpd-mod_ratio-1.3.2-4.3mdv2009.1.i586.rpm\r\n e203d54440dc6c63cfa280f4a1645477 \r\n2009.1/i586/proftpd-mod_rewrite-1.3.2-4.3mdv2009.1.i586.rpm\r\n 06bcb89523dcb2834f36363eb951508d 2009.1/i586/proftpd-mod_sftp-1.3.2-4.3mdv2009.1.i586.rpm\r\n 5ad0cdf4611e919be1e40d9dbebf23d0 2009.1/i586/proftpd-mod_shaper-1.3.2-4.3mdv2009.1.i586.rpm\r\n 9510932406f1d51532c0f4628656ae84 \r\n2009.1/i586/proftpd-mod_site_misc-1.3.2-4.3mdv2009.1.i586.rpm\r\n ebf6f6220d9cab6c5b5a288bc956fdd0 2009.1/i586/proftpd-mod_sql-1.3.2-4.3mdv2009.1.i586.rpm\r\n 3aafc84edd0adbcfecb3b6ea02a20bf1 \r\n2009.1/i586/proftpd-mod_sql_mysql-1.3.2-4.3mdv2009.1.i586.rpm\r\n c912e99c6651730738188eb67b5a89e1 
\r\n2009.1/i586/proftpd-mod_sql_postgres-1.3.2-4.3mdv2009.1.i586.rpm\r\n 9589a010aed9f23e72ec6db855b184f9 2009.1/i586/proftpd-mod_time-1.3.2-4.3mdv2009.1.i586.rpm\r\n 1eeeda75990735116ab07c674fe2c623 2009.1/i586/proftpd-mod_tls-1.3.2-4.3mdv2009.1.i586.rpm\r\n fce42746d17f5b11c97319591bb9a88f 2009.1/i586/proftpd-mod_vroot-1.3.2-4.3mdv2009.1.i586.rpm\r\n c4b1f7509fedc9b88646fb70adc12b45 2009.1/i586/proftpd-mod_wrap-1.3.2-4.3mdv2009.1.i586.rpm\r\n 4a2b73b02a9c0dcf4e63323d350fa95c \r\n2009.1/i586/proftpd-mod_wrap_file-1.3.2-4.3mdv2009.1.i586.rpm\r\n fb3df7fa8c2c538dd8c613fafc41f1f5 \r\n2009.1/i586/proftpd-mod_wrap_sql-1.3.2-4.3mdv2009.1.i586.rpm \r\n c7a3b4ac2e75e9dfe3912e73bb272fa9 2009.1/SRPMS/proftpd-1.3.2-4.3mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n a6b2830005df037307afb5b825511861 2009.1/x86_64/proftpd-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n af595e88d9ba8dc6cbcacf27ca1dbcc2 2009.1/x86_64/proftpd-devel-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 9735071e01d2392cd1f59d3e02395d63 \r\n2009.1/x86_64/proftpd-mod_autohost-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 916358bef91a16077806c86de9d1efd9 \r\n2009.1/x86_64/proftpd-mod_ban-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n d53d77569fe4ce057db0a35b03fa0ca7 \r\n2009.1/x86_64/proftpd-mod_case-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n f56dee8296e1593141844dc73ad3df37 \r\n2009.1/x86_64/proftpd-mod_ctrls_admin-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 37350fff9604f97a4e1c26b32be76c8e \r\n2009.1/x86_64/proftpd-mod_gss-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 7ba0e7dcc812128665960b490e4b3c1d \r\n2009.1/x86_64/proftpd-mod_ifsession-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 907665b726396f366b60aed937978731 \r\n2009.1/x86_64/proftpd-mod_ldap-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 4beaa5f007e4c39c26dc16832b57951f \r\n2009.1/x86_64/proftpd-mod_load-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n b420a6fd444b76842810fd9b82d11792 \r\n2009.1/x86_64/proftpd-mod_quotatab-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 919fc5751a1aded6c19f8fadfbb5847b 
\r\n2009.1/x86_64/proftpd-mod_quotatab_file-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n dbce5c8d0805f9af94c19fb4087084db \r\n2009.1/x86_64/proftpd-mod_quotatab_ldap-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 00fda6395cf2653bd5db8dc9baef0314 \r\n2009.1/x86_64/proftpd-mod_quotatab_radius-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n d575efa232443920270251bf28ec8d87 \r\n2009.1/x86_64/proftpd-mod_quotatab_sql-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 6ca6948f914c39bca76d3e0b2a0e0491 \r\n2009.1/x86_64/proftpd-mod_radius-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n e60d42f42db99fdc70a5c559a8798f32 \r\n2009.1/x86_64/proftpd-mod_ratio-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 500e7d59b18e03ce2d1d646faec35df0 \r\n2009.1/x86_64/proftpd-mod_rewrite-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n d42351a95a97e208c26a73500e586964 \r\n2009.1/x86_64/proftpd-mod_sftp-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 2b57a3244903b09e30dd501e4e23bddc \r\n2009.1/x86_64/proftpd-mod_shaper-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n bc1c1edc3ac9df62ad6ffed6f177031b \r\n2009.1/x86_64/proftpd-mod_site_misc-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n cf2362de6b2c03fcfdab454abc6250d6 \r\n2009.1/x86_64/proftpd-mod_sql-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 11579dca45c5262109f6dd5eeb102248 \r\n2009.1/x86_64/proftpd-mod_sql_mysql-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 5e042bbd8d138e0384415ea1f7d8c987 \r\n2009.1/x86_64/proftpd-mod_sql_postgres-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n bb8d509fa422b044fa7c0a54f772e828 \r\n2009.1/x86_64/proftpd-mod_time-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n f0ac0f2b95b20a6d94563bb3b795b631 \r\n2009.1/x86_64/proftpd-mod_tls-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 2d84e91e39cdb70dfa99f506ea1c149f \r\n2009.1/x86_64/proftpd-mod_vroot-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 541d2cc751afa34051d9b7e0ffc77867 \r\n2009.1/x86_64/proftpd-mod_wrap-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n a031f41be3c2bbf19b2ad87aa723afec \r\n2009.1/x86_64/proftpd-mod_wrap_file-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n b9d6b63bd48b9ea2fb08dbf1f53cc452 \r\n2009.1/x86_64/proftpd-mod_wrap_sql-1.3.2-4.3mdv2009.1.x86_64.rpm \r\n 
c7a3b4ac2e75e9dfe3912e73bb272fa9 2009.1/SRPMS/proftpd-1.3.2-4.3mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n dd848a74a6324fe3e4887ffd8f7a0947 2010.0/i586/proftpd-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 46541f77ec1d551384434303c9d771fd 2010.0/i586/proftpd-devel-1.3.2b-1.2mdv2010.0.i586.rpm\r\n affa6d8649ff49826359525e5e3c3bc3 \r\n2010.0/i586/proftpd-mod_autohost-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 34ab986bd1bd58d64a76474dcce4024d 2010.0/i586/proftpd-mod_ban-1.3.2b-1.2mdv2010.0.i586.rpm\r\n c05796ea6a65e0254e1c2a59d0cde26a 2010.0/i586/proftpd-mod_case-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 2fde4f8529ad42e6543dc394eb37a6a8 \r\n2010.0/i586/proftpd-mod_ctrls_admin-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 2bea60920c8e153bd1a06d66c116b385 2010.0/i586/proftpd-mod_gss-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 7c28ba2a2ee6264b0f1e904946027ed3 \r\n2010.0/i586/proftpd-mod_ifsession-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 113fb3cdd9ca077d0fad2bf161eb33a1 2010.0/i586/proftpd-mod_ldap-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 218d363874a9aaab6110a7a71f27c75e 2010.0/i586/proftpd-mod_load-1.3.2b-1.2mdv2010.0.i586.rpm\r\n a14950554085fb3ac61e1f4e130ef106 \r\n2010.0/i586/proftpd-mod_quotatab-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 8869ae8cbda130c213eac45431574ec6 \r\n2010.0/i586/proftpd-mod_quotatab_file-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 18a141a036989e9d2ba2b721ea3d96b9 \r\n2010.0/i586/proftpd-mod_quotatab_ldap-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 9c375770f082cd7f50f57ed3b8cfe18e \r\n2010.0/i586/proftpd-mod_quotatab_radius-1.3.2b-1.2mdv2010.0.i586.rpm\r\n ee252f0c88ee6095f8bc4b274524b4a5 \r\n2010.0/i586/proftpd-mod_quotatab_sql-1.3.2b-1.2mdv2010.0.i586.rpm\r\n fd8a104edd647e59433b0c2c1e442cbb \r\n2010.0/i586/proftpd-mod_radius-1.3.2b-1.2mdv2010.0.i586.rpm\r\n f8ba2195c779a419dd7d98265b9adf72 2010.0/i586/proftpd-mod_ratio-1.3.2b-1.2mdv2010.0.i586.rpm\r\n cb326955ce385af35b2d47a536ea295a \r\n2010.0/i586/proftpd-mod_rewrite-1.3.2b-1.2mdv2010.0.i586.rpm\r\n dac761ac2c329edb8063ef4042623b1c 
2010.0/i586/proftpd-mod_sftp-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 05b65a6650d0e403a6ca311d0738e1b0 \r\n2010.0/i586/proftpd-mod_shaper-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 64bb01402af73cfae14e3d817ec0054b \r\n2010.0/i586/proftpd-mod_site_misc-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 5fa7191a640c5a7ce6e85cd507c4f2e5 2010.0/i586/proftpd-mod_sql-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 652d750f6cab24c68a1befab39687f76 \r\n2010.0/i586/proftpd-mod_sql_mysql-1.3.2b-1.2mdv2010.0.i586.rpm\r\n aad34f7718fdfb07e0094389527916c0 \r\n2010.0/i586/proftpd-mod_sql_postgres-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 80515fe8363c5cce8b5a612ca212e8ee 2010.0/i586/proftpd-mod_time-1.3.2b-1.2mdv2010.0.i586.rpm\r\n f7ea09c7b36a478d23834fb682383306 2010.0/i586/proftpd-mod_tls-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 36de8f7fda7d9f1337db55f214b07c00 2010.0/i586/proftpd-mod_vroot-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 275e5015b8ddd2a9acb0df46e8916bb1 2010.0/i586/proftpd-mod_wrap-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 85997703010f8bb600924a1fbe8a12a5 \r\n2010.0/i586/proftpd-mod_wrap_file-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 9f56cf0f821f549eed1fd3a171de5369 \r\n2010.0/i586/proftpd-mod_wrap_sql-1.3.2b-1.2mdv2010.0.i586.rpm \r\n 58436f06fb26948305063a45e78bcbd7 2010.0/SRPMS/proftpd-1.3.2b-1.2mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n f1c0704dbc0a1a60e14d3fb9c4a99be6 2010.0/x86_64/proftpd-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n ab73990c06fa7c5413b16a6b5d7a573c 2010.0/x86_64/proftpd-devel-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 643770bc38a29e4ebd038e7f2e69aa82 \r\n2010.0/x86_64/proftpd-mod_autohost-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 0fd5d618b8b25caace31730e91b6b89b \r\n2010.0/x86_64/proftpd-mod_ban-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 84c0d0270036098e030c7894b8941b18 \r\n2010.0/x86_64/proftpd-mod_case-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 172d49b23d21a0634a8706455b0b6c2f \r\n2010.0/x86_64/proftpd-mod_ctrls_admin-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 054138333a930839693096e41008d3d2 \r\n2010.0/x86_64/proftpd-mod_gss-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 
29743fe4a50c4f203bcd36959bcda682 \r\n2010.0/x86_64/proftpd-mod_ifsession-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 7d3279d6b591d646b41239ec3100043a \r\n2010.0/x86_64/proftpd-mod_ldap-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 3d511ac9140ca7ef3fa60baed95afd8f \r\n2010.0/x86_64/proftpd-mod_load-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n f6e31dda4763bb5025805600039da742 \r\n2010.0/x86_64/proftpd-mod_quotatab-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 14064603c7cd05a8fb795a5001170128 \r\n2010.0/x86_64/proftpd-mod_quotatab_file-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 3d50ae2c6d617ed9e44b360a049364a4 \r\n2010.0/x86_64/proftpd-mod_quotatab_ldap-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 2ac18660eaf6d93a86acbf8f95b7c875 \r\n2010.0/x86_64/proftpd-mod_quotatab_radius-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 4336bcc4b91e4be399128ccf9f951147 \r\n2010.0/x86_64/proftpd-mod_quotatab_sql-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 152eeb85deb93868890388677b0682f8 \r\n2010.0/x86_64/proftpd-mod_radius-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 572f38135ba48c45ec34d3f745d847ca \r\n2010.0/x86_64/proftpd-mod_ratio-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 12b4d2342f57f486f9859b58bd949006 \r\n2010.0/x86_64/proftpd-mod_rewrite-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 6ed0182708abfde9a07018edef86f50e \r\n2010.0/x86_64/proftpd-mod_sftp-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 45df194fc6aa7b0399bd671b0075a8c8 \r\n2010.0/x86_64/proftpd-mod_shaper-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 566d8a8d28ac8e3a8f17144b6264e150 \r\n2010.0/x86_64/proftpd-mod_site_misc-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 3c1c7f67320e45cc2abfac83882ebd7c \r\n2010.0/x86_64/proftpd-mod_sql-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n ee6e76d8c5c9dee971e718e06f3289e4 \r\n2010.0/x86_64/proftpd-mod_sql_mysql-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n b4a54dd69f873cd05bbf51f17def15fc \r\n2010.0/x86_64/proftpd-mod_sql_postgres-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 669bf78b41fbb88407b577303e1882d3 \r\n2010.0/x86_64/proftpd-mod_time-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n e30a73829fc8be2bc42324abdcd39eef 
\r\n2010.0/x86_64/proftpd-mod_tls-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n a758dad6d4dd6b081d73606c92491cf5 \r\n2010.0/x86_64/proftpd-mod_vroot-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n ffe3b49a7437603bfe7306a2b768dd84 \r\n2010.0/x86_64/proftpd-mod_wrap-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 08799784805658560301aa693f5ac870 \r\n2010.0/x86_64/proftpd-mod_wrap_file-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n b5c8299cfab2810dc0815bb075ce94d5 \r\n2010.0/x86_64/proftpd-mod_wrap_sql-1.3.2b-1.2mdv2010.0.x86_64.rpm \r\n 58436f06fb26948305063a45e78bcbd7 2010.0/SRPMS/proftpd-1.3.2b-1.2mdv2010.0.src.rpm\r\n\r\n Corporate 4.0:\r\n 9e3c2dad7e39f57a136edacdda8ba9cd corporate/4.0/i586/proftpd-1.3.2-0.4.20060mlcs4.i586.rpm\r\n 110df4bcd0dee71f075376bb19ef1097 \r\ncorporate/4.0/i586/proftpd-anonymous-1.3.2-0.4.20060mlcs4.i586.rpm \r\n b360f33279447f5893702533394169ae corporate/4.0/SRPMS/proftpd-1.3.2-0.4.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 0ad472dfac3bd614b0be3dcfeac2a1f1 \r\ncorporate/4.0/x86_64/proftpd-1.3.2-0.4.20060mlcs4.x86_64.rpm\r\n b254e9c733d69fc628e6bfc2b3c7f65c \r\ncorporate/4.0/x86_64/proftpd-anonymous-1.3.2-0.4.20060mlcs4.x86_64.rpm \r\n b360f33279447f5893702533394169ae corporate/4.0/SRPMS/proftpd-1.3.2-0.4.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 5b2e8c71ac240f80a4039fb3d00fa37e mes5/i586/proftpd-1.3.2-0.4mdvmes5.i586.rpm\r\n ef09730e96320171b4de114c4d72d359 mes5/i586/proftpd-devel-1.3.2-0.4mdvmes5.i586.rpm\r\n 998850de820e66e1d2fc65ca549e9f32 mes5/i586/proftpd-mod_autohost-1.3.2-0.4mdvmes5.i586.rpm\r\n 2bd18082feea9388ac5e8c67472976eb mes5/i586/proftpd-mod_ban-1.3.2-0.4mdvmes5.i586.rpm\r\n a2bde579998df96473ca81f807a9c9f8 mes5/i586/proftpd-mod_case-1.3.2-0.4mdvmes5.i586.rpm\r\n 76dd97730a1b1ba5309f90f34fbc03db \r\nmes5/i586/proftpd-mod_ctrls_admin-1.3.2-0.4mdvmes5.i586.rpm\r\n e2134d16144cd7547a0dc8971e1a3060 mes5/i586/proftpd-mod_gss-1.3.2-0.4mdvmes5.i586.rpm\r\n a5671b83d898fbf1dd0ce51de25bf12d 
mes5/i586/proftpd-mod_ifsession-1.3.2-0.4mdvmes5.i586.rpm\r\n 22c6dfc8dfca54756a45e2dee109baee mes5/i586/proftpd-mod_ldap-1.3.2-0.4mdvmes5.i586.rpm\r\n 89f4a985b0ebb8fba1edbf55978bf9fe mes5/i586/proftpd-mod_load-1.3.2-0.4mdvmes5.i586.rpm\r\n a777590d5a343fb3a740aed759213a1d mes5/i586/proftpd-mod_quotatab-1.3.2-0.4mdvmes5.i586.rpm\r\n cdd5769777d519e277372332255dfc34 \r\nmes5/i586/proftpd-mod_quotatab_file-1.3.2-0.4mdvmes5.i586.rpm\r\n 141f0e25185f09587b04189adfe479db \r\nmes5/i586/proftpd-mod_quotatab_ldap-1.3.2-0.4mdvmes5.i586.rpm\r\n e0c1b91d7620873739dca6b6a43e6cb2 \r\nmes5/i586/proftpd-mod_quotatab_radius-1.3.2-0.4mdvmes5.i586.rpm\r\n 6ce076f23e5c7945bb249df74d4f2c42 \r\nmes5/i586/proftpd-mod_quotatab_sql-1.3.2-0.4mdvmes5.i586.rpm\r\n 3d6d02f7b0fda8c5eca95e5e0ed247bf mes5/i586/proftpd-mod_radius-1.3.2-0.4mdvmes5.i586.rpm\r\n 5897cc00855488396715caf933c857fe mes5/i586/proftpd-mod_ratio-1.3.2-0.4mdvmes5.i586.rpm\r\n f7c174e7148559a4be61441b09e72ba0 mes5/i586/proftpd-mod_rewrite-1.3.2-0.4mdvmes5.i586.rpm\r\n da4438f1f256f135f24640ade3a8f405 mes5/i586/proftpd-mod_shaper-1.3.2-0.4mdvmes5.i586.rpm\r\n ee70e402b63828087410961276ee6951 mes5/i586/proftpd-mod_site_misc-1.3.2-0.4mdvmes5.i586.rpm\r\n e2b5308857b74c730766ad5f1c7a2b2d mes5/i586/proftpd-mod_sql-1.3.2-0.4mdvmes5.i586.rpm\r\n d0d26f533cfdb59f012e3df0ff9f04b4 mes5/i586/proftpd-mod_sql_mysql-1.3.2-0.4mdvmes5.i586.rpm\r\n e0a76adf230b1146d44eb74f37326ccc \r\nmes5/i586/proftpd-mod_sql_postgres-1.3.2-0.4mdvmes5.i586.rpm\r\n f6286dfd897db61b472cf01ffeae9e23 mes5/i586/proftpd-mod_time-1.3.2-0.4mdvmes5.i586.rpm\r\n ef2583ddfcdb088f85248fc8e6b32740 mes5/i586/proftpd-mod_tls-1.3.2-0.4mdvmes5.i586.rpm\r\n 0476cf42ec380dc6689fc6df39766b17 mes5/i586/proftpd-mod_vroot-1.3.2-0.4mdvmes5.i586.rpm\r\n 9c681f81c7ff35bfaf0bcfb1c7982b45 mes5/i586/proftpd-mod_wrap-1.3.2-0.4mdvmes5.i586.rpm\r\n 47bba96722c5c17a34fe8329678b02cf mes5/i586/proftpd-mod_wrap_file-1.3.2-0.4mdvmes5.i586.rpm\r\n dadc6c23d5f0807db849ed92781ba94c 
mes5/i586/proftpd-mod_wrap_sql-1.3.2-0.4mdvmes5.i586.rpm \r\n 096a513d6a8b30b1a35e6fe1db6e502e mes5/SRPMS/proftpd-1.3.2-0.4mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n b120272b49c4e02b9108c0163dc9aa13 mes5/x86_64/proftpd-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 786d17db075a16940d7a1970bd3bb5e7 mes5/x86_64/proftpd-devel-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 3e453ed771a0b87e83a65e2d519f74b3 \r\nmes5/x86_64/proftpd-mod_autohost-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 028689776ee4070201f576cb5bc43817 mes5/x86_64/proftpd-mod_ban-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 18f8e72e3c153f363df5a3c801653196 mes5/x86_64/proftpd-mod_case-1.3.2-0.4mdvmes5.x86_64.rpm\r\n a85176fbdd6cdf97959d16c591bbdb4a \r\nmes5/x86_64/proftpd-mod_ctrls_admin-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 5fc16355fed589ee81f3a91edf971d34 mes5/x86_64/proftpd-mod_gss-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 84407e0d9a98d6fc1df92b0f0ebe707d \r\nmes5/x86_64/proftpd-mod_ifsession-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 158cb04b200c2d3c4695bf0f52cf1ac1 mes5/x86_64/proftpd-mod_ldap-1.3.2-0.4mdvmes5.x86_64.rpm\r\n cf103f660b82e65c126522a062652104 mes5/x86_64/proftpd-mod_load-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 7ec1019d08d8346a4cf610a3d323b234 \r\nmes5/x86_64/proftpd-mod_quotatab-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 6952dfbef25c19c4078d88562ddc5a5a \r\nmes5/x86_64/proftpd-mod_quotatab_file-1.3.2-0.4mdvmes5.x86_64.rpm\r\n ddf6388392f885857649c959f53d5f57 \r\nmes5/x86_64/proftpd-mod_quotatab_ldap-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 4c79e36c689ee1106e058a4267613c41 \r\nmes5/x86_64/proftpd-mod_quotatab_radius-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 0dc81114692e6556b75b7173bcc29b23 \r\nmes5/x86_64/proftpd-mod_quotatab_sql-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 57309c9b341d3e0e33592c8f1972b964 mes5/x86_64/proftpd-mod_radius-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 9211a258846d7c26a0763ac14125669d mes5/x86_64/proftpd-mod_ratio-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 46a8bc1b19a11a94351293cd41c886ee \r\nmes5/x86_64/proftpd-mod_rewrite-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 1afddfeccf086fabc8985fb51562eb36 
mes5/x86_64/proftpd-mod_shaper-1.3.2-0.4mdvmes5.x86_64.rpm\r\n ba08b0aa1ecbe72fec308fc64f9601e4 \r\nmes5/x86_64/proftpd-mod_site_misc-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 7048d53a7b8d7a91d0364fc73206783c mes5/x86_64/proftpd-mod_sql-1.3.2-0.4mdvmes5.x86_64.rpm\r\n ccfc7ff7a7dfd430bbb4f531bbd5f2d7 \r\nmes5/x86_64/proftpd-mod_sql_mysql-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 2c21fa4038914aa6127f1ca5a905b50d \r\nmes5/x86_64/proftpd-mod_sql_postgres-1.3.2-0.4mdvmes5.x86_64.rpm\r\n bf98fec5f6167f77fdc11431f0eadfde mes5/x86_64/proftpd-mod_time-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 503696b82de33085447527a0ece12b72 mes5/x86_64/proftpd-mod_tls-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 5910d34c9b33b82b889495148019b57f mes5/x86_64/proftpd-mod_vroot-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 189989e62986c53d1132bac4fcf5d55a mes5/x86_64/proftpd-mod_wrap-1.3.2-0.4mdvmes5.x86_64.rpm\r\n deb92c92045b7f39c06ab2537b36c35d \r\nmes5/x86_64/proftpd-mod_wrap_file-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 512eeb68347e31174846d2825ae2069e \r\nmes5/x86_64/proftpd-mod_wrap_sql-1.3.2-0.4mdvmes5.x86_64.rpm \r\n 096a513d6a8b30b1a35e6fe1db6e502e mes5/SRPMS/proftpd-1.3.2-0.4mdvmes5.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFLMK6AmqjQ0CJFipgRAjj1AJ4gDdbY1CsNcLb5TXdAZYtMjk9EQACg5Mnd\r\nrRXKi0zMkqfD5bNJDudoE2w=\r\n=1SEX\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-12-22T00:00:00", "published": "2009-12-22T00:00:00", "id": "SECURITYVULNS:DOC:22982", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22982", "title": "[ MDVSA-2009:337 ] proftpd", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAruba Networks Security Advisory\r\n\r\nTitle: TLS Protocol Session Renegotiation Security Vulnerability\r\n\r\nAruba Advisory ID: AID-020810\r\nRevision: 1.0\r\n\r\nFor Public Release on 02/08/2010\r\n\r\n+----------------------------------------------------\r\n\r\nSUMMARY\r\n\r\nThis advisory addresses the renegotiation related vulnerability\r\ndisclosed recently in Transport Layer Security protocol [1][2]. This\r\nvulnerability may allow a Man-in-the-Middle (MITM) attacker to inject\r\narbitrary data into the beginning of the application protocol stream\r\nprotected by TLS.\r\n\r\nThe only ArubaOS component that seems affected by this issue is the\r\nHTTPS WebUI administration interface. 
If a client browser (victim) is\r\nconfigured to authenticate to the WebUI over HTTPS using a client\r\ncertificate, an attacker can potentially use the victim's credentials\r\ntemporarily to execute arbitrary HTTP request for each initiation of an\r\nHTTPS session from the victim to the WebUI. This would happen without\r\nany HTTPS/TLS warnings to the victim. This condition can essentially be\r\nexploited by an attacker for command injection in beginning of a HTTPS\r\nsession between the victim and the ArubaOS WebUI.\r\n\r\nArubaOS itself does not initiate TLS renegotiation at any point and\r\nhence is only vulnerable to scenario where a client explicitly requests\r\nTLS renegotiation. Captive Portal users do not seem vulnerable to this\r\nissue unless somehow client certificates are being used to authenticate\r\ncaptive portal users.\r\n\r\nAFFECTED ArubaOS VERSIONS\r\n\r\n 2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS,\r\n2.4.8.x-FIPS\r\n\r\n\r\nCHECK IF YOU ARE VULNERABLE\r\n\r\nThe only ArubaOS component that seems affected by this issue is the\r\nHTTPS WebUI administration interface. ArubaOS is vulnerable only if its\r\nconfiguration permits WebUI administration interface clients to connect\r\nusing either username/password or client certificates. If only one of\r\nthe two authentication method is allowed, this issue does not seem to apply.\r\n\r\nCheck if the following line appears in your configuration:\r\n \r\n web-server mgmt-auth username/password certificate\r\n\r\nIf the exact line does not appear in the configuration, this issue does\r\nnot apply.\r\n \r\n\r\nDETAILS\r\n\r\nAn industry wide vulnerability was discovered in TLS protocol's\r\nrenegotiation feature, which allows a client and server who already have\r\na TLS connection to negotiate new session parameters and generate new\r\nkey material. Renegotiation is carried out in the existing TLS\r\nconnection. 
However there is no cryptographic binding between the\r\nrenegotiated TLS session and the original TLS session. An attacker who\r\nhas established MITM between client and server may be able to take\r\nadvantage of this and inject arbitrary data into the beginning of the\r\napplication protocol stream protected by TLS. Specifically arbitrary\r\nHTTP requests can be injected in a HTTPS session where attacker (MITM)\r\nblocks HTTPS session initiation between client and server, establishes\r\nHTTPS session with the server itself, injects HTTP data and initiates\r\nTLS renegotiation with the server. Then attacker allows the\r\nrenegotiation to occur between the client and the server. After\r\nsuccessful HTTPS session establishment with the server, now the client\r\nsends its HTTP request along with its HTTP credentials (cookie) to the\r\nserver. However due to format of attacker's injected HTTP data, the\r\nclient's HTTP request is not processed, rather the attacker's HTTP\r\nrequest gets executed with credentials of the client. The attacker is\r\nnot able to view the results of the injected HTTP request due to the\r\nfact that data between the client and the server is encrypted over\r\nHTTPS.\r\n\r\nArubaOS itself does not initiate TLS renegotiation at any point.\r\n\r\nIMPACT\r\n\r\nThis vulnerability may allow a MITM attacker to inject arbitrary HTTP\r\nrequest data into the beginning of a HTTPS session between client and\r\nserver (ArubaOS WebUI). The only ArubaOS component that seems affected\r\nby this issue is the HTTPS WebUI administration interface.\r\n\r\nPre-requisites for this attack :\r\n 1. The attacker must be able to establish a MITM between the client and\r\nthe server (ArubaOS WebUI).\r\n 2. The attacker must be able to establish a successful HTTPS session\r\nwith the server (ArubaOS WebUI)\r\n 3. 
ArubaOS must be configured to allow certificate based HTTPS\r\nauthentication for WebUI clients (client certs).\r\n\r\nCaptive Portal users do not seem vulnerable to this issue unless somehow\r\nclient certificates are being used to authenticate captive portal users.\r\n\r\nCVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\r\n\r\n\r\nWORKAROUNDS\r\n\r\nAruba Networks recommends that all customers apply the appropriate\r\npatch(es) as soon as practical. However, in the event that a patch\r\ncannot immediately be applied, the following steps will help to mitigate\r\nthe risk:\r\n\r\n- - - Disable certificate based HTTPS authentication (and only allow\r\nusername-password based authentication) for WebUI clients. Client's\r\nusername-password authentication POST request will prohibit attacker's\r\ninjected HTTP data from executing with client's cookie.\r\n CLI command: web-server mgmt-auth username/password\r\n\r\n- - - Permit certificate based HTTPS authentication ONLY and disable\r\nusername-password based authentication to WebUI. This will prohibit\r\nattacker from establishing a HTTPS session with ArubaOS (for MITM)\r\nwithout a valid client cert.\r\n CLI command: web-server mgmt-auth certificate\r\n \r\n Note: This step won't stop command injection from attackers who have\r\nvalid client certificates but their assigned management role privileges\r\nare lower than that of the admin. 
This attack may allow them to run\r\ncommands at higher privilege than what is permitted in their role.\r\n\r\n- - - Do not expose the Mobility Controller administrative interface to\r\nuntrusted networks such as the Internet.\r\n\r\n\r\n\r\nSOLUTION\r\n\r\nAruba Networks recommends that all customers apply the appropriate\r\npatch(es) as soon as practical.\r\n\r\nThe following patches have the fix (any newer patch will also have the fix):\r\n\r\n- - - - 2.5.6.24\r\n- - - - 3.3.2.23\r\n- - - - 3.3.3.2\r\n- - - - 3.4.0.7\r\n- - - - 3.4.1.1\r\n- - - - RN 3.1.4\r\n\r\nPlease contact Aruba support for obtaining patched FIPS releases.\r\n\r\nPlease note: We highly recommend that you upgrade your Mobility\r\nController to the latest available patch on the Aruba support site\r\ncorresponding to your currently installed release.\r\n\r\n\r\nREFERENCES\r\n\r\n[1] http://extendedsubset.com/?p=8\r\n\r\n[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n\r\n\r\n\r\n\r\n+----------------------------------------------------\r\n\r\nOBTAINING FIXED FIRMWARE\r\n\r\nAruba customers can obtain the firmware on the support website:\r\n http://www.arubanetworks.com/support.\r\n\r\nAruba Support contacts are as follows:\r\n\r\n 1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)\r\n\r\n +1-408-754-1200 (toll call from anywhere in the world)\r\n\r\n e-mail: support(at)arubanetworks.com\r\n\r\nPlease, do not contact either "wsirt(at)arubanetworks.com" or\r\n"security(at)arubanetworks.com" for software upgrades.\r\n\r\n\r\nEXPLOITATION AND PUBLIC ANNOUNCEMENTS\r\n\r\nThis vulnerability will be announced at\r\n\r\nAruba W.S.I.R.T. 
Advisory:\r\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\r\n\r\nSecurityFocus Bugtraq\r\nhttp://www.securityfocus.com/archive/1\r\n\r\n\r\nSTATUS OF THIS NOTICE: Final\r\n\r\nAlthough Aruba Networks cannot guarantee the accuracy of all statements\r\nin this advisory, all of the facts have been checked to the best of our\r\nability. Aruba Networks does not anticipate issuing updated versions of\r\nthis advisory unless there is some material change in the facts. Should\r\nthere be a significant change in the facts, Aruba Networks may update\r\nthis advisory.\r\n\r\nA stand-alone copy or paraphrase of the text of this security advisory\r\nthat omits the distribution URL in the following section is an uncontrolled\r\ncopy, and may lack important information or contain factual errors.\r\n\r\n\r\nDISTRIBUTION OF THIS ANNOUNCEMENT\r\n\r\nThis advisory will be posted on Aruba's website at:\r\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\r\n\r\n\r\nFuture updates of this advisory, if any, will be placed on Aruba's worldwide\r\nwebsite, but may or may not be actively announced on mailing lists or\r\nnewsgroups. Users concerned about this problem are encouraged to check the\r\nabove URL for any updates.\r\n\r\n\r\nREVISION HISTORY\r\n\r\n Revision 1.0 / 02-08-2010 / Initial release\r\n\r\n\r\nARUBA WSIRT SECURITY PROCEDURES\r\n\r\nComplete information on reporting security vulnerabilities in Aruba Networks\r\nproducts, obtaining assistance with security incidents is available at\r\n http://www.arubanetworks.com/support/wsirt.php\r\n\r\n\r\nFor reporting *NEW* Aruba Networks security issues, email can be sent to\r\nwsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive\r\ninformation we encourage the use of PGP encryption. 
Our public keys can be\r\nfound at\r\n http://www.arubanetworks.com/support/wsirt.php\r\n\r\n\r\n (c) Copyright 2010 by Aruba Networks, Inc.\r\nThis advisory may be redistributed freely after the release date given at\r\nthe top of the text, provided that redistributed copies are complete and\r\nunmodified, including all date and version information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.14 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN\r\nbWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP\r\n=CrHf\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2010-02-10T00:00:00", "published": "2010-02-10T00:00:00", "id": "SECURITYVULNS:DOC:23220", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23220", "title": "Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2020-07-09T01:45:13", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4355"], "description": "It was discovered that OpenSSL did not correctly free unused memory in \ncertain situations. A remote attacker could trigger this flaw in services \nthat used SSL, causing the service to use all available system memory, \nleading to a denial of service.", "edition": 5, "modified": "2010-01-14T00:00:00", "published": "2010-01-14T00:00:00", "id": "USN-884-1", "href": "https://ubuntu.com/security/notices/USN-884-1", "title": "OpenSSL vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-09T00:29:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. 
If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds backported support \nfor the new RFC5746 renegotiation extension and will use it when both the \nclient and the server support it.\n\nATTENTION: After applying this update, a patched server will allow both \npatched and unpatched clients to connect, but unpatched clients will not be \nable to renegotiate. For more information, please refer to the following: \n<http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION>", "edition": 5, "modified": "2010-09-21T00:00:00", "published": "2010-09-21T00:00:00", "id": "USN-990-1", "href": "https://ubuntu.com/security/notices/USN-990-1", "title": "OpenSSL vulnerability", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:12:35", "bulletinFamily": "unix", "cvelist": ["CVE-2009-4355"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1970-1 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 13, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : openssl\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE Id : CVE-2009-4355\n\nIt was discovered that a significant memory leak could occur in openssl,\nrelated to the reinitialization of zlib. 
This could result in a remotely\nexploitable denial of service vulnerability when using the Apache httpd\nserver in a configuration where mod_ssl, mod_php5, and the php5-curl\nextension are loaded.\n\nThe old stable distribution (etch) is not affected by this issue.\n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 0.9.8g-15+lenny6.\n\nThe packages for the arm architecture are not included in this advisory.\nThey will be released as soon as they become available.\n\nFor the testing distribution (squeeze) and the unstable distribution\n(sid), this problem will be fixed soon. The issue does not seem to be\nexploitable with the apache2 package contained in squeeze/sid.\n\nWe recommend that you upgrade your openssl packages. You also need to\nrestart your Apache httpd server to make sure it uses the updated\nlibraries.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\nIf you use apache2, you should restart it to make sure that it uses the\nupdated libraries:\n\n/etc/init.d/apache2 restart\n\nDebian GNU/Linux 5.0 alias lenny (stable)\n- -----------------------------------------\n\nStable updates are available for alpha, amd64, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g.orig.tar.gz\n Size/MD5 checksum: 3354792 acf70a16359bf3658bdfb74bda1c4419\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6.dsc\n Size/MD5 checksum: 1973 3240bf459cdb8947e48f2dbefe57a280\n 
http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6.diff.gz\n Size/MD5 checksum: 59104 06bb67baea434b022552960e6cd0f316\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_alpha.udeb\n Size/MD5 checksum: 722026 684030ca277ee132aedb6377b8d7f4e9\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_alpha.deb\n Size/MD5 checksum: 1028856 7ee53ab22e9b6211e4a043dcebe8c91a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_alpha.deb\n Size/MD5 checksum: 2813580 c5623a1bc1363cdda859a7fb7821f26e\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_alpha.deb\n Size/MD5 checksum: 4369342 a5c5c8e0fabeab67421ddcd3143fc14e\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_alpha.deb\n Size/MD5 checksum: 2582954 e78239c77c259265884f0fc3a916c1da\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_amd64.udeb\n Size/MD5 checksum: 638372 b6aefcac5fe4c7b506fd328594a7ef1e\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_amd64.deb\n Size/MD5 checksum: 975718 d993a3bf5c2b714f34241d4129c5cd91\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_amd64.deb\n Size/MD5 checksum: 1043198 c4d0fa66bbf6bb9a85a5c926d6d32823\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_amd64.deb\n Size/MD5 checksum: 2242218 4eabde020e8cbcab26342fa0ce1c6d94\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_amd64.deb\n Size/MD5 checksum: 1627524 dc09c2e462fe448ed63fe884dbc03c9c\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_armel.deb\n Size/MD5 checksum: 1030998 
d505cd8eb7543ca6726fdc91de4d823a\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_armel.deb\n Size/MD5 checksum: 850364 c90307d3eb1fc6b9c0a88cfe3f3ce49e\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_armel.deb\n Size/MD5 checksum: 1508384 7f7e664d2c2187df7314c16963bcbec4\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_armel.deb\n Size/MD5 checksum: 2100080 23b91062f109f6a5b8038142b96aa6ac\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_armel.udeb\n Size/MD5 checksum: 540714 a27289a8f7c165c9a1d3bc1e5e47d860\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_hppa.deb\n Size/MD5 checksum: 968454 307320e4435ac4f745c4589edac24c44\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_hppa.deb\n Size/MD5 checksum: 1524864 a385c063f0c7bb11d03f0b10af0ae9e2\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_hppa.deb\n Size/MD5 checksum: 2269664 3b20cf2dc9939fe2e7b3f3d0a2ab8022\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_hppa.deb\n Size/MD5 checksum: 1046148 7093672ffc82c1f073e7bd9b362622d6\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_hppa.udeb\n Size/MD5 checksum: 634496 0e4ca720c1f5f756160d5658b6876ace\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_i386.deb\n Size/MD5 checksum: 2111886 07b55073b62f613cc0866f100d7da71a\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_i386.udeb\n Size/MD5 checksum: 591656 24ec3a4b4a96ddfdec5aa478eb31d0b0\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_i386.deb\n Size/MD5 checksum: 5389130 
70fd24d33bd15049405591f9fc2bbcd1\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_i386.deb\n Size/MD5 checksum: 1036390 edeadbfad4cb91701d0d854a809f587d\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_i386.deb\n Size/MD5 checksum: 2975114 5e64360f2e6dd5ac7c01be5700352c3e\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_ia64.deb\n Size/MD5 checksum: 1091724 02f18d38bd0d81ad842c0a98e717e0d6\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_ia64.deb\n Size/MD5 checksum: 1282602 288f179800dc55c7a4329b11a6d8606d\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_ia64.udeb\n Size/MD5 checksum: 865448 1897cc56f80ba69a6436e35cab884426\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_ia64.deb\n Size/MD5 checksum: 2659298 b0618ea500638424b18abc94e4116b8e\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_ia64.deb\n Size/MD5 checksum: 1466720 02f43deb94f7ca8c7fc14726e0c546e2\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_mips.deb\n Size/MD5 checksum: 2305674 af7113bfec7e8b0e68df37ed5f738f64\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_mips.deb\n Size/MD5 checksum: 1025046 4e292bdc8f72ed8501e5023feb8b02ca\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_mips.udeb\n Size/MD5 checksum: 585108 54d6ca56986ed39dabd7f4abe9d39fea\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_mips.deb\n Size/MD5 checksum: 1624960 7917a77cac88a712d07667b3a52f512c\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_mips.deb\n Size/MD5 checksum: 899692 
d91d59db784860acb0d1754e1e3ae6dc\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_mipsel.udeb\n Size/MD5 checksum: 572340 f20f86629cf0413e991ada8d8709ab6a\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_mipsel.deb\n Size/MD5 checksum: 2295270 291cd9b3b9716927c199e36ac99cfcdd\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_mipsel.deb\n Size/MD5 checksum: 1588064 7a33af46eb5c6fdf29ecd4ccc72fd57a\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_mipsel.deb\n Size/MD5 checksum: 1012028 2353015991c7ca5942461695029eba00\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_mipsel.deb\n Size/MD5 checksum: 885438 835d6a08a8d0d3dfd12969df207749b1\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_powerpc.deb\n Size/MD5 checksum: 1035248 957678dd206e9da5eeb00812110ac4cc\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_powerpc.deb\n Size/MD5 checksum: 1643378 515ead9be6696f9f7cee90acad723e8a\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_powerpc.udeb\n Size/MD5 checksum: 656142 1c55ca2a303a068dc58b48e41106a372\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_powerpc.deb\n Size/MD5 checksum: 2244176 14b5fae6837849223de16552f48afd96\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_powerpc.deb\n Size/MD5 checksum: 1000474 d5b0c8be8037fa8eb31e128195d73777\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_s390.deb\n Size/MD5 checksum: 1602212 05dc99a65418f046330904a95c6e521d\n 
http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_s390.udeb\n Size/MD5 checksum: 692806 efbc1a57f8d002259252d3279bee81d0\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_s390.deb\n Size/MD5 checksum: 1051028 5b3fb31b94c4a6bf6a8d2612a062e665\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_s390.deb\n Size/MD5 checksum: 1024346 a2189af0b6688ed65478cb88b818754b\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_s390.deb\n Size/MD5 checksum: 2231392 1066a2bce93b8eddc9a030bdf0529ced\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8_0.9.8g-15+lenny6_sparc.deb\n Size/MD5 checksum: 2289642 ce5da789600c428462beb658b427d781\n http://security.debian.org/pool/updates/main/o/openssl/openssl_0.9.8g-15+lenny6_sparc.deb\n Size/MD5 checksum: 1044934 f75ef304db194c15ea2de34f841b5825\n http://security.debian.org/pool/updates/main/o/openssl/libssl-dev_0.9.8g-15+lenny6_sparc.deb\n Size/MD5 checksum: 2141914 cab94489e491e76c7718dd8f88f89049\n http://security.debian.org/pool/updates/main/o/openssl/libcrypto0.9.8-udeb_0.9.8g-15+lenny6_sparc.udeb\n Size/MD5 checksum: 580378 2bfe10092e4cb83d8f4602a3f48ddb75\n http://security.debian.org/pool/updates/main/o/openssl/libssl0.9.8-dbg_0.9.8g-15+lenny6_sparc.deb\n Size/MD5 checksum: 3873244 ad31823167dbebe72337f242a2f1cb06\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2010-01-13T18:48:10", "published": 
"2010-01-13T18:48:10", "id": "DEBIAN:DSA-1970-1:9C793", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00005.html", "title": "[SECURITY] [DSA-1970-1] New openssl packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:09", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3210", "CVE-2010-0740", "CVE-2010-2939", "CVE-2009-4355", "CVE-2010-4180", "CVE-2010-0742", "CVE-2009-3245", "CVE-2011-0014", "CVE-2010-1633", "CVE-2010-0433", "CVE-2010-3864", "CVE-2010-4252", "CVE-2011-3207"], "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could cause a Denial of Service, possibly execute arbitrary code, bypass intended key requirements, force the downgrade to unintended ciphers, bypass the need for knowledge of shared secrets and successfully authenticate, bypass CRL validation, or obtain sensitive information in applications that use OpenSSL. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.0e\"\n \n\nNOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 17, 2011. 
It is likely that your system is already no longer affected by most of these issues.", "edition": 1, "modified": "2015-06-06T00:00:00", "published": "2011-10-09T00:00:00", "id": "GLSA-201110-01", "href": "https://security.gentoo.org/glsa/201110-01", "type": "gentoo", "title": "OpenSSL: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "cisco": [{"lastseen": "2019-05-29T15:33:12", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "", "modified": "2011-10-20T15:47:58", "published": "2009-11-09T13:00:00", "id": "CISCO-SA-20091109-TLS", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20091109-tls", "type": "cisco", "title": "Transport Layer Security Renegotiation Vulnerability", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "hackerone": [{"lastseen": "2019-01-28T18:19:21", "bulletinFamily": "bugbounty", "bounty": 0.0, "cvelist": ["CVE-2009-3555"], "description": "URL: http://www.slack.com\r\n\r\nVulnerability description\r\nA flaw in the design of the TLS v. 1/SSL v. 3 (TLS/SSL) handshake process was discovered in 2009, and RFC 5746 (Feb. 2010) was released to update the protocol specification. Since then, most system manufacturers have released patches to fix this flaw. Still, as of June 2011 approximately half of the systems using TLS/SSL on the Internet have not implemented the patches needed to close this security hole. This vulnerability affects the secure transport of HTTP, IMAP, SMTP, and other protocols that rely on TLS/SSL. Industry representatives and security researchers who have looked into the problem note that sites with the TLS patch may still be vulnerable to this attack, known as the TLS renegotiation Man-In-The-Middle attack (TLS Renego MITM). DigiCert is taking a proactive approach to this problem by contacting its customers to advise them of this potential vulnerability in their systems. 
At some point in the future, connectivity problems may occur because of server non-compliance with RFC 5746.\r\n\r\nA vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. This issue affects SSL version 3.0 and newer and TLS version 1.0 and newer.\r\nThis vulnerability affects Web Server. \r\nDiscovered by: TLS1_SSL3_Renegotiation. \r\n\r\nAttack details\r\nJust to provide you with a brief overview, the typical TLS/SSL handshake process involves the following:\r\n\r\nclient hello (highest TLS/SSL version supported, random number, suggested ciphers, suggested compression methods and, if the client is attempting renegotiation, previous session ID)\r\nserver hello (TLS/SSL version, random number, cipher suite and compression chosen and, if server is attempting renegotiation, previous session ID)\r\nserver sends TLS/SSL certificate\r\nserver hello done\r\n\r\nclient key exchange (preMasterSecret exchange and MasterSecret calculation)\r\nclient change cipher spec\r\nclient finished (hash and MAC of previous handshake messages)\r\n\r\nserver change cipher spec\r\nserver finished\r\n\r\nGET /secure HTTP/1.1\\r\\n...\r\n\r\n(For more information, see Wikipedia's article on TLS handshakes).\r\n\r\nUsing the TLS Renego MITM vulnerability, an attacker can either form a TLS connection to the server first, before the client (for example, on a compromised machine in response to the client\u2019s attempt at connection) or can use session renegotiation to effectuate the attack. Even mutual certificate-based client authentication connections are vulnerable to the TLS Renego MITM attack. 
More details on how various attack scenarios play out are provided in RFC 5746 and related discussions provided here and here.\r\n\r\n\r\n\r\nThe impact of this vulnerability\r\nA remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow an attacker to issue HTTP requests, or take action impersonating the user, among other consequences.\r\n\r\nHow to fix this vulnerability\r\n\r\nThe TLS/SSL specification in RFC 5746 applies to both full handshakes and session resumption handshakes. Because pre-existing TLS/SSL specifications required systems to ignore a ClientHello extension if they did not understand it, RFC 5746 specifies that the ClientHello either contain an empty \u201crenegotiation_info\" extension or a Signaling Cipher Suite Value (SCSV) as a pseudo cipher suite with the same semantics as an empty \"renegotiation_info\" extension. When a client receives the ServerHello, it must check to see if the server supports the \"renegotiation_info\" extension. Assuming that secure renegotiation is supported per RFC 5746, then for TLS renegotiation, the client can send the \"renegotiation_info\" extension. If the server does not respond in accordance with RFC 5746, the client MUST abort the renegotiation handshake. Similarly, if a client does not respond in accordance with RFC 5746, then the server MUST abort the renegotiation handshake.\r\n\r\nFor backward compatibility, a compliant client will be configurable for either allowing insecure renegotiation or aborting an attempt to renegotiate. However, because some TLS servers do not support renegotiation at all there will be a transition period where problems will be encountered. From a server side, if the server does not receive the \"renegotiation_info\" extension or the SCSV, then RFC 5746 specifies that the \u201csecure_renegotiation\u201d flag be set to FALSE. 
Thereafter, if a ClientHello for renegotiation contains an empty \u201crenegotiation_info\" extension or the SCSV, then the server MUST abort the handshake.\r\n\r\nWeb references\r\nTLS1/SSLv3 Renegotiation Vulnerability \r\nCVE-2009-3555 \r\nVU#120541 \r\n", "modified": "2014-08-14T15:21:44", "published": "2014-04-02T13:01:00", "id": "H1:5617", "href": "https://hackerone.com/reports/5617", "type": "hackerone", "title": "Slack: TLS1/SSLv3 Renegotiation Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "[0.9.7a-9.2]\n- CVE-2009-3555 - support the secure renegotiation RFC (#533125) ", "edition": 4, "modified": "2010-03-25T00:00:00", "published": "2010-03-25T00:00:00", "id": "ELSA-2010-0164", "href": "http://linux.oracle.com/errata/ELSA-2010-0164.html", "title": "openssl097a security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "nspr:\n[4.8.4-1]\n- Update to NSPR 4.8.4\nnss:\n[3.12.6-1.0.1.el5_4]\n- Update clean.gif in the nss-3.12.6-stripped.tar.bz2 tarball\n[3.12.6-1]\n- Update to 3.12.6\n[3.12.5.99-1.2]\n- Fix an unsatified tools runtime dependency\n[3.12.5.99-1.1]\n- Preserve file attributes and include some test cleanup\n[3.12.5.99-1]\n- Update to NSS_3_12_6_RC1\n[3.12.3.99.3-1.el5_3.4]\n- CVE-2009-3555 (bug 543536) ", "edition": 4, "modified": "2010-03-25T00:00:00", "published": "2010-03-25T00:00:00", "id": "ELSA-2010-0165", "href": "http://linux.oracle.com/errata/ELSA-2010-0165.html", "title": "nss security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Network Security Services (NSS) is a set of libraries 
designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library\nlinking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the following\nKnowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages, which\nupdate NSS to version 3.12.6. This erratum also updates the NSPR packages\nto the version required by NSS 3.12.6. 
All running applications using the\nNSS library must be restarted for this update to take effect.", "modified": "2017-09-08T12:08:02", "published": "2010-03-25T04:00:00", "id": "RHSA-2010:0165", "href": "https://access.redhat.com/errata/RHSA-2010:0165", "type": "redhat", "title": "(RHSA-2010:0165) Moderate: nss security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "cert": [{"lastseen": "2020-09-18T20:42:10", "bulletinFamily": "info", "cvelist": ["CVE-2009-3555"], "description": "### Overview \n\nA vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.\n\n### Description \n\nThe Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the [Network Working Group](<https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt>):\n\n_The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data._ \n \nThis issue affects SSL version 3.0 and newer and TLS version 1.0 and newer. \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow an attacker to issue HTTP requests, or take action impersonating the user, among other consequences. 
\n \n--- \n \n### Solution \n\nUsers should contact vendors for specific patch information. \n \n--- \n \n### Vendor Information\n\n120541\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Barracuda Networks __ Affected\n\nNotified: November 05, 2009 Updated: December 17, 2009 \n\n**Statement Date: December 04, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nBarracuda Networks has published a response to this issue at the following location:\n\n<<http://www.barracudanetworks.com/ns/support/tech_alert.php>> \nPlease refer to the section titled \"Resolved vulnerability in the TLS/SSL protocol during session renegotiation in select Barracuda Networks products\" for more information.\n\n### Debian GNU/Linux Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### GnuTLS Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Hewlett-Packard Company __ Affected\n\nNotified: November 05, 2009 Updated: December 17, 2009 \n\n**Statement Date: December 15, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE-----` \n`Hash: SHA1` \n \n`SUPPORT COMMUNICATION - SECURITY BULLETIN` \n \n`Document ID: c01945686` \n`Version: 2` \n \n`HPSBUX02482 SSRT090249 rev.2 - HP-UX Running OpenSSL, Remote 
Unauthorized Data Injection, Denial of Service (DoS)` \n \n`NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.` \n \n`Release Date: 2009-11-25` \n`Last Updated: 2009-12-12` \n \n`Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)` \n \n`Source: Hewlett-Packard Company, HP Software Security Response Team` \n \n`VULNERABILITY SUMMARY` \n`A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).` \n \n`References: CVE-2009-3555` \n \n`SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.` \n`HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08l.` \n \n`BACKGROUND` \n \n`CVSS 2.0 Base Metrics` \n`===========================================================` \n` Reference Base Vector Base Score` \n`CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4` \n`===========================================================` \n` Information on CVSS is documented` \n` in HP Customer Notice: HPSN-2008-002` \n \n`RESOLUTION` \n \n`HP has provided upgrades to resolve this vulnerability.` \n`The upgrades are available from the following location.` \n \n`<http://software.hp.com>` \n \n`HP-UX Release` \n` Version of OpenSSL Depot` \n \n`B.11.11 PA (32 and 64)` \n` A.00.09.08l.001` \n \n`B.11.23 (PA and IA)` \n` A.00.09.08l.002` \n \n`B.11.31 (PA and IA)` \n` A.00.09.08l.003` \n \n`Note: OpenSSL vA.00.09.08l disables renegotiation. Although renegotiation is thought to be rarely used, applications should be tested to evaluate the impact of installing OpenSSL vA.00.09.08l.` \n \n`MANUAL ACTIONS: Yes - Update` \n \n`Install OpenSSL A.00.09.08l or subsequent` \n \n`PRODUCT SPECIFIC INFORMATION` \n \n`HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. 
It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: <https://www.hp.com/go/swa>` \n \n`The following text is for use by the HP-UX Software Assistant.` \n \n`AFFECTED VERSIONS` \n \n`HP-UX B.11.11` \n`==================` \n`openssl.OPENSSL-CER` \n`openssl.OPENSSL-CONF` \n`openssl.OPENSSL-DOC` \n`openssl.OPENSSL-INC` \n`openssl.OPENSSL-LIB` \n`openssl.OPENSSL-MAN` \n`openssl.OPENSSL-MIS` \n`openssl.OPENSSL-PRNG` \n`openssl.OPENSSL-PVT` \n`openssl.OPENSSL-RUN` \n`openssl.OPENSSL-SRC` \n`action: install revision A.00.09.08l.001 or subsequent` \n \n`HP-UX B.11.23` \n`==================` \n`openssl.OPENSSL-CER` \n`openssl.OPENSSL-CONF` \n`openssl.OPENSSL-DOC` \n`openssl.OPENSSL-INC` \n`openssl.OPENSSL-LIB` \n`openssl.OPENSSL-MAN` \n`openssl.OPENSSL-MIS` \n`openssl.OPENSSL-PRNG` \n`openssl.OPENSSL-PVT` \n`openssl.OPENSSL-RUN` \n`openssl.OPENSSL-SRC` \n`action: install revision A.00.09.08l.002 or subsequent` \n \n`HP-UX B.11.31` \n`==================` \n`openssl.OPENSSL-CER` \n`openssl.OPENSSL-CONF` \n`openssl.OPENSSL-DOC` \n`openssl.OPENSSL-INC` \n`openssl.OPENSSL-LIB` \n`openssl.OPENSSL-MAN` \n`openssl.OPENSSL-MIS` \n`openssl.OPENSSL-PRNG` \n`openssl.OPENSSL-PVT` \n`openssl.OPENSSL-RUN` \n`openssl.OPENSSL-SRC` \n`action: install revision A.00.09.08l.003 or subsequent` \n \n`END AFFECTED VERSIONS` \n \n`HISTORY` \n`Version:1 (rev.1) 25 November 2009 Initial release` \n`Version:2 (rev.2) 14 December 2009 Revised location from which to download upgrades, fileset content.` \n`Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.` \n \n`Support: For further information, contact normal HP Services support channel.` \n \n`Report: To report a potential security vulnerability with 
any HP supported product, send Email to: security-alert@hp.com` \n`It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.` \n`To get the security-alert PGP key, please send an e-mail message as follows:` \n` To: security-alert@hp.com` \n` Subject: get key` \n`Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:` \n`[http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC](<http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC>)` \n`On the web page: ITRC security bulletins and patch sign-up` \n`Under Step1: your ITRC security bulletins and patches` \n` -check ALL categories for which alerts are required and continue.` \n`Under Step2: your ITRC operating systems` \n` -verify your operating system selections are checked and save.` \n \n`To update an existing subscription: <http://h30046.www3.hp.com/subSignIn.php>` \n`Log in on the web page: Subscriber's choice for Business: sign-in.` \n`On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.` \n \n`To review previously published Security Bulletins visit: <http://www.itrc.hp.com/service/cki/secBullArchive.do>` \n \n`* The Software Product Category that this Security Bulletin` \n`relates to is represented by the 5th and 6th characters` \n`of the Bulletin number in the title:` \n \n`GN = HP General SW` \n`MA = HP Management Agents` \n`MI = Misc. 3rd Party SW` \n`MP = HP MPE/iX` \n`NS = HP NonStop Servers` \n`OV = HP OpenVMS` \n`PI = HP Printing & Imaging` \n`ST = HP Storage SW` \n`TL = HP Trusted Linux` \n`TU = HP Tru64 UNIX` \n`UX = HP-UX` \n`VV = HP VirtualVault` \n \n`System management and security procedures must be reviewed frequently to maintain system integrity. 
HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.` \n \n`\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"` \n \n`Copyright 2009 Hewlett-Packard Development Company, L.P.` \n`Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. 
Other product and company names mentioned herein may be trademarks of their respective owners.` \n`-----BEGIN PGP SIGNATURE-----` \n`Version: GnuPG v1.4.10 (GNU/Linux)` \n \n`iEYEARECAAYFAksmnlAACgkQ4B86/C0qfVkacACgpkVOgFipzlbxSDrmY0HLegCd` \n`8C8AoMKw23iAcTZCMkeMIM1QmTAyujeA` \n`=KK6o` \n`-----END PGP SIGNATURE-----`\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### IBM Corporation Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### McAfee Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Sun Microsystems, Inc. 
__ Affected\n\nNotified: November 05, 2009 Updated: November 06, 2009 \n\n**Statement Date: November 05, 2009**\n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nSun Microsystems has published a preliminary statement about this issue in the following Sun Security Blog post:\n\n \n<<http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during>>\n\n### Vendor References\n\nNone\n\n### Addendum\n\nThere are no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23120541 Feedback>).\n\n### Cryptlib __ Not Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n**Statement Date: November 10, 2009**\n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\ncryptlib does not allow renegotiation, it ignores requests to renegotiate as provided for in the TLS specification. It is therefore not vulnerable to this issue.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Force10 Networks, Inc. Not Affected\n\nNotified: November 05, 2009 Updated: July 22, 2011 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Redback Networks, Inc. 
Not Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### SafeNet __ Not Affected\n\nNotified: November 05, 2009 Updated: November 19, 2009 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nAccording to SafeNet their products that make use of SSL/TLS use it with proprietary messaging protocols that set up the authenticated session at the beginning of the transmission and do not allow the sort of requested Renegotiate that makes this vulnerability exploitable.\n\n### libgcrypt Not Affected\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\nNot Affected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### 3com Inc Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ACCESS Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### AT&T Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### 
Alcatel-Lucent Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Apache HTTP Server Project Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Apache-SSL Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Apple Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Aruba Networks, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Attachmate Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Avaya, Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Belkin, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Borderware Technologies Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Certicom Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Charlotte's Web Networks Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Check Point Software Technologies Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cisco Systems, Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Clavister Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Computer Associates Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Conectiva Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Cray Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Crypto++ Library Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### D-Link Systems, Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### DragonFly BSD Project Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### EMC Corporation Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Engarde Secure Linux Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Enterasys Networks Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ericsson Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Extreme Networks Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information 
\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### F5 Networks, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fedora Project Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fortinet, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Foundry Networks, Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### FreeBSD Project Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Fujitsu Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Gentoo Linux Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Global Technology Associates, Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Hitachi Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IBM eServer Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IP Filter Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### IP Infusion, Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Infoblox Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Intel Corporation Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Internet Security Systems, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Intoto Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Juniper Networks, Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Lotus Software Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Luminous Networks Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mandriva S. A. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Microsoft Corporation __ Unknown\n\nNotified: November 05, 2009 Updated: June 02, 2010 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nMicrosoft has published the following advisory:\n\n<http://www.microsoft.com/technet/security/advisory/977377.mspx> \nMicrosoft has also released an update that disables TLS/SSL renegotiation. 
More information is available at the following Microsoft Knowledge Base Article: \n<http://support.microsoft.com/kb/977377>\n\n### Microsoft Internet Explorer Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mirapoint, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### MontaVista Software, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Mozilla - Network Security Services __ Unknown\n\nNotified: November 05, 2009 Updated: June 02, 2010 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe following information has been published:\n\n<https://wiki.mozilla.org/Security:Renegotiation>\n\n### Multitech, Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NEC Corporation Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### National Center for Supercomputing Applications Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetApp Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### NetBSD Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Netscape NSS Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Nokia Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe 
are not aware of further vendor information regarding this vulnerability.\n\n### Nortel Networks, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Novell, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenBSD Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### OpenSSL Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Openwall GNU/*/Linux Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### PePLink Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Process Software Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe 
have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Q1 Labs Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### QNX Software Systems Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Quagga Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### RadWare, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Red Hat, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SUSE Linux Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Secureworx, Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Silicon Graphics, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Slackware Linux Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### SmoothWall Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Snort Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Soapstone Networks Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Sony Corporation Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe 
are not aware of further vendor information regarding this vulnerability.\n\n### Sourcefire Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Spyrus Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Stonesoft Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Stunnel Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Symantec Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### The SCO Group Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### TippingPoint Technologies Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Turbolinux Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Ubuntu Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Unisys Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### VMware Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Vyatta Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Watchguard Technologies, Inc. 
Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### Wind River Systems, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### ZyXEL Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### eSoft, Inc. Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### m0n0wall Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### mod_ssl Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### netfilter Unknown\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\nUnknown\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further 
vendor information regarding this vulnerability.\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 0 | AV:--/AC:--/Au:--/C:--/I:--/A:-- \nTemporal | 0 | E:ND/RL:ND/RC:ND \nEnvironmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://extendedsubset.com/?p=8>\n * <http://www.links.org/?p=780>\n * <http://www.links.org/?p=786>\n * <http://www.links.org/?p=789>\n * <http://blogs.iss.net/archive/sslmitmiscsrf.html>\n * <http://www.ietf.org/mail-archive/web/tls/current/msg03948.html>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=533125>\n * <http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html>\n * <http://cvs.openssl.org/chngview?cn=18790>\n * <http://www.links.org/files/no-renegotiation-2.patch>\n * <http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html>\n * <https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt>\n * <http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html>\n\n### Acknowledgements\n\nThanks to Marsh Ray of PhoneFactor for reporting this vulnerability. 
This issue was also independently discovered and publicly disclosed by Martin Rex of SAP.\n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2009-3555](<http://web.nvd.nist.gov/vuln/detail/CVE-2009-3555>) \n---|--- \n**Date Public:** | 2009-11-05 \n**Date First Published:** | 2009-11-11 \n**Date Last Updated:** | 2011-07-22 12:47 UTC \n**Document Revision:** | 38 \n", "modified": "2011-07-22T12:47:00", "published": "2009-11-11T00:00:00", "id": "VU:120541", "href": "https://www.kb.cert.org/vuls/id/120541", "type": "cert", "title": "SSL and TLS protocols renegotiation vulnerability", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:25:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already-sent data with a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests into an HTTPS session without being noticed. For example, Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS-protected web sites. Please note that this update disables renegotiation for any application using openssl, which may cause problems in some cases. Additionally, this attack is not limited to HTTP.\n#### Solution\nThere is no known workaround. Please install the update. Moblin packages will be released later.", "edition": 1, "modified": "2009-11-18T09:50:39", "published": "2009-11-18T09:50:39", "id": "SUSE-SA:2009:057", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html", "type": "suse", "title": "man-in-the-middle attack in openssl", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}]}