CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.002 Low (Percentile: 62.4%)

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client’s
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker’s request as if authenticated using the
victim’s credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
this flaw: http://kbase.redhat.com/faq/docs/DOC-20491

All openssl097a users should upgrade to these updated packages, which
contain a backported patch to resolve this issue. For the update to take
effect, all services linked to the openssl097a library must be restarted,
or the system rebooted.
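
The restart requirement can be verified after the update. The script below is an added example, not part of the advisory: it lists processes that still have the replaced library mapped. It assumes the package's shared objects are named libssl.so.0.9.7a and libcrypto.so.0.9.7a, and that a replaced file still in use appears in /proc/<pid>/maps with a "(deleted)" suffix; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes that still run the
# pre-update openssl097a code and therefore need the restart described above.
# Assumption: the package's shared objects are libssl.so.0.9.7a and
# libcrypto.so.0.9.7a; after the RPM replaces them, a process that loaded the
# old copy shows the path with a " (deleted)" suffix in /proc/<pid>/maps.

# Succeed if the maps file given as $1 maps a replaced 0.9.7a library.
# Unreadable or vanished files make grep fail quietly, which counts as "no".
maps_has_stale_lib() {
    grep -Eq '/lib(ssl|crypto)\.so\.0\.9\.7a[^/]* \(deleted\)$' "$1" 2>/dev/null
}

# Print the PID of every process under the given proc root (default /proc)
# that still maps the old library. The root is a parameter so the scan can be
# pointed at a saved copy of /proc as well as the live one.
stale_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        # Run as root on a live system; other users' maps are not readable
        # by an unprivileged account and would be skipped silently.
        if maps_has_stale_lib "$maps"; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Report each affected process with its command name.
for pid in $(stale_pids /proc); do
    echo "restart needed: pid $pid ($(ps -o comm= -p "$pid" 2>/dev/null))"
done
```

An empty result after the services have been restarted means no running process is still using the unpatched copy.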

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | i386 | openssl097a | < 0.9.7a-9.el5_4.2 | openssl097a-0.9.7a-9.el5_4.2.i386.rpm |
RedHat | 5 | ppc64 | openssl097a | < 0.9.7a-9.el5_4.2 | openssl097a-0.9.7a-9.el5_4.2.ppc64.rpm |
RedHat | 5 | s390 | openssl097a | < 0.9.7a-9.el5_4.2 | openssl097a-0.9.7a-9.el5_4.2.s390.rpm |
RedHat | 5 | ia64 | openssl097a | < 0.9.7a-9.el5_4.2 | openssl097a-0.9.7a-9.el5_4.2.ia64.rpm |
RedHat | 5 | src | openssl097a | < 0.9.7a-9.el5_4.2 | openssl097a-0.9.7a-9.el5_4.2.src.rpm |
RedHat | 5 | s390x | openssl097a | < 0.9.7a-9.el5_4.2 | openssl097a-0.9.7a-9.el5_4.2.s390x.rpm |
RedHat | 5 | x86_64 | openssl097a | < 0.9.7a-9.el5_4.2 | openssl097a-0.9.7a-9.el5_4.2.x86_64.rpm |
RedHat | 5 | ppc | openssl097a | < 0.9.7a-9.el5_4.2 | openssl097a-0.9.7a-9.el5_4.2.ppc.rpm |