6.2 Medium
AI Score
Confidence
High
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.014 Low
EPSS
Percentile
86.1%
Dan Kaminsky discovered OpenSSL would still accept certificates with MD2
hash signatures. As a result, an attacker could potentially create a
malicious trusted certificate to impersonate another site. This update
handles this issue by completely disabling MD2 for certificate validation.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.04 | noarch | libssl0.9.8 | < 0.9.8g-15ubuntu3.3 | UNKNOWN |
Ubuntu | 9.04 | noarch | libcrypto0.9.8-udeb | < 0.9.8g-15ubuntu3.3 | UNKNOWN |
Ubuntu | 9.04 | noarch | libssl-dev | < 0.9.8g-15ubuntu3.3 | UNKNOWN |
Ubuntu | 9.04 | noarch | libssl0.9.8 | < dbg-0.9.8g-15ubuntu3.3 | UNKNOWN |
Ubuntu | 9.04 | noarch | openssl | < 0.9.8g-15ubuntu3.3 | UNKNOWN |
Ubuntu | 8.10 | noarch | libssl0.9.8 | < 0.9.8g-10.1ubuntu2.5 | UNKNOWN |
Ubuntu | 8.10 | noarch | libcrypto0.9.8-udeb | < 0.9.8g-10.1ubuntu2.5 | UNKNOWN |
Ubuntu | 8.10 | noarch | libssl-dev | < 0.9.8g-10.1ubuntu2.5 | UNKNOWN |
Ubuntu | 8.10 | noarch | libssl0.9.8 | < dbg-0.9.8g-10.1ubuntu2.5 | UNKNOWN |
Ubuntu | 8.10 | noarch | openssl | < 0.9.8g-10.1ubuntu2.5 | UNKNOWN |