OpenSSL Insecure Protocol Negotiation Weakness

Bugtraq ID: 15071
Class: Design Error
CVE: CVE-2005-2969
Remote: Yes
Local: No
Published: Oct 11 2005 12:00AM
Updated: Aug 25 2008 11:15PM
Credit: Yutaka Oiwa of the Research Center for Information Security, National Institute of Advanced Industrial Science and Technology (AIST), Japan, reported this issue to the vendor.
Vulnerable: Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 10.0.0 x64
TurboLinux Personal
TurboLinux Multimedia
Turbolinux FUJI 0
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
TransSoft Broker FTP Server 8.0
SuSE SUSE Linux Enterprise Server 8
Sun Solaris 10.0_x86
Sun Solaris 10
SmoothWall Express 2.0
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Slackware Linux -current
SGI Advanced Linux Environment 3.0
SCO Unixware 7.1.4
SCO Unixware 7.1.3 up
SCO Unixware 7.1.3
S.u.S.E. UnitedLinux 1.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
rPath rPath Linux 1
RedHat Network Satellite (for RHEL 4) 5.1
RedHat Linux 9.0 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Red Hat Network Satellite Server 5.0
Red Hat Red Hat Network Satellite Server 4.2
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
OpenSSL Project OpenSSL 0.9.8
+ Gentoo Linux
OpenSSL Project OpenSSL 0.9.7 g
OpenSSL Project OpenSSL 0.9.7 f
OpenSSL Project OpenSSL 0.9.7 e
OpenSSL Project OpenSSL 0.9.7 d
OpenSSL Project OpenSSL 0.9.7 c
+ OpenPKG OpenPKG 2.0
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux -current
OpenSSL Project OpenSSL 0.9.7 beta3
OpenSSL Project OpenSSL 0.9.7 beta2
OpenSSL Project OpenSSL 0.9.7 beta1
OpenSSL Project OpenSSL 0.9.7 b
OpenSSL Project OpenSSL 0.9.7 a
+ Conectiva Linux 9.0
+ OpenPKG OpenPKG Current
OpenSSL Project OpenSSL 0.9.7
OpenSSL Project OpenSSL 0.9.6 m
OpenSSL Project OpenSSL 0.9.6 l
OpenSSL Project OpenSSL 0.9.6 k
OpenSSL Project OpenSSL 0.9.6 j
OpenSSL Project OpenSSL 0.9.6 i
+ HP Apache-Based Web Server 1.3.27 .01
+ HP Apache-Based Web Server 1.3.27 .00
+ HP HP-UX Apache-Based Web Server 1.0.1 .01
+ HP HP-UX Apache-Based Web Server 1.0 .07.01
+ HP HP-UX Apache-Based Web Server 1.0 .06.02
+ HP HP-UX Apache-Based Web Server 1.0 .06.01
+ HP HP-UX Apache-Based Web Server 1.0 .05.01
+ HP HP-UX Apache-Based Web Server 1.0 .04.01
+ HP HP-UX Apache-Based Web Server 1.0 .03.01
+ HP HP-UX Apache-Based Web Server 1.0 .02.01
+ HP HP-UX Apache-Based Web Server 1.0 .01
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
OpenSSL Project OpenSSL 0.9.6 h
OpenSSL Project OpenSSL 0.9.6 g
OpenSSL Project OpenSSL 0.9.6 f
OpenSSL Project OpenSSL 0.9.6 e
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
OpenSSL Project OpenSSL 0.9.6 d
+ Slackware Linux 8.1
OpenSSL Project OpenSSL 0.9.6 c
OpenSSL Project OpenSSL 0.9.6 b
OpenSSL Project OpenSSL 0.9.6 a
+ Conectiva Linux 7.0
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
OpenSSL Project OpenSSL 0.9.6
OpenSSL Project OpenSSL 0.9.5 a
OpenSSL Project OpenSSL 0.9.5
OpenSSL Project OpenSSL 0.9.4
+ Debian Linux 3.0
+ OpenBSD OpenBSD 2.6
OpenSSL Project OpenSSL 0.9.3
OpenSSL Project OpenSSL 0.9.2 b
OpenSSL Project OpenSSL 0.9.1 c
NetBSD NetBSD 2.0.2
NetBSD NetBSD 2.0.1
NetBSD NetBSD 2.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Juniper Networks IVE OS 5.1 R3
Juniper Networks IVE OS 5.0 R5
Juniper Networks IVE OS 4.2 R6
Juniper Networks IVE OS 5.0
Juniper Networks IVE OS 4.0
Juniper Networks IVE OS 3.0
Juniper Networks IVE OS 2.0
Juniper Networks IVE OS 1.0
IBM Hardware Management Console (HMC) for pSeries 5.0 R1.0
IBM Hardware Management Console (HMC) for pSeries 4.0 R5.0
IBM Hardware Management Console (HMC) for pSeries 4.0 R4.0
IBM Hardware Management Console (HMC) for pSeries 4.0 R3.3
IBM Hardware Management Console (HMC) for pSeries 4.0 R3.2
IBM Hardware Management Console (HMC) for pSeries 4.0 R3.1
IBM Hardware Management Console (HMC) for pSeries 4.0 R2.1
IBM Hardware Management Console (HMC) for pSeries 4.0 R2.0
IBM Hardware Management Console (HMC) for pSeries 3.3.2
IBM Hardware Management Console (HMC) for pSeries 3.0 R3.6
IBM Hardware Management Console (HMC) for pSeries 4
IBM Hardware Management Console (HMC) for pSeries 3
IBM Hardware Management Console (HMC) for iSeries 5.0 R1.0
IBM Hardware Management Console (HMC) for iSeries 4.0 R5.0
IBM Hardware Management Console (HMC) for iSeries 4.0 R4.0
IBM Hardware Management Console (HMC) for iSeries 4.0 R3.3
IBM Hardware Management Console (HMC) for iSeries 4.0 R3.2
IBM Hardware Management Console (HMC) for iSeries 4.0 R3.1
IBM Hardware Management Console (HMC) for iSeries 4.0 R2.1
IBM Hardware Management Console (HMC) for iSeries 4.0 R2.0
IBM Hardware Management Console (HMC) for iSeries 4.0
IBM Hardware Management Console (HMC) for iSeries 3.3.2
IBM Hardware Management Console (HMC) for iSeries 3.0 R3.6
IBM Director 5.10
HP Version Version Control Repository Agent
HP Version Control Agent
HP ProLiant Performance Analyzer
HP Performance Management Pack 3.1
HP Intelligent Cluster Administrator
HP Insight Manager (SNMP and DMI agents) 7.0
HP HTTP Server 5.96
HP HTTP Server 5.94
HP HTTP Server 5.93
+ Compaq Web-Based Management Agent
+ HP Web-Enabled Management Software
HP HTTP Server 5.92
HP HTTP Server 5.0
+ Compaq Web-Based Management Agent
+ HP Web-Enabled Management Software
HP HP-UX B.11.31
HP HP-UX B.11.23
HP HP-UX B.11.11
HP HP-UX B.11.00
HP Compaq Survey Utility
HP Compaq Power Management
HP Array Configuration Utility
FreeBSD FreeBSD 6.0 -STABLE
FreeBSD FreeBSD 6.0 -RELEASE
FreeBSD FreeBSD 5.4 -RELENG
FreeBSD FreeBSD 5.4 -RELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELENG
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE/Alpha
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 4.11 -RELENG
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
Cisco Works Common Services (CWCS) 3.0
Cisco Works Common Services (CWCS) 2.2
Cisco Wireless Control System Software 4.0
Cisco PIX/ASA 7.0.1 .4
Cisco PIX/ASA 7.0
Cisco Mainframe Channel Connection (CMCC) 28-22
Cisco IOS XR 3.2
Cisco IOS XR 3.1 .0
Cisco IOS XR 3.0.1
Cisco IOS XR
Cisco GSS Global Site Selector 4491 1.2
Cisco GSS Global Site Selector 4490 1.2
Cisco GSS Global Site Selector 4480 1.2
Blue Coat Systems SGOS 4.1.2 .1
Blue Coat Systems SGOS 4.1.2
Blue Coat Systems SGOS 4.1.1 .1
Blue Coat Systems SGOS 4.1.1
Blue Coat Systems SGOS 3.2.6 .1
Blue Coat Systems SGOS 3.2.5 .5
Blue Coat Systems SGOS 3.2.5
Blue Coat Systems SGOS 3.2.4 .8
Blue Coat Systems SGOS 3.2.4
Blue Coat Systems SGOS 3.1.5 .2
Blue Coat Systems SGOS 2.1.11
Blue Coat Systems ProxyAV
Blue Coat Systems CacheOS 4.0
Avaya Predictive Dialing System (PDS) 11.0
Avaya Predictive Dialing System (PDS) 11.11
Avaya Predictive Dialer 0
Avaya Intuity Audix R5 0
Avaya Intuity AUDIX
Astaro Security Linux 6.0 02
Astaro Security Linux 6.0 01
Astaro Security Linux 4.0 28
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3
Not Vulnerable: OpenSSL Project OpenSSL 0.9.8 a
OpenSSL Project OpenSSL 0.9.7 h
Juniper Networks IVE OS 5.1 R4
Juniper Networks IVE OS 5.0 R6
Juniper Networks IVE OS 4.2 R7
IBM Director 5.10.3
Cisco PIX/ASA 7.0.4 .3
Cisco PIX/ASA 7.0.4
Astaro Security Linux 6.1 01
+ OpenSSL Project OpenSSL 0.9.8 a
+ OpenSSL Project OpenSSL 0.9.8
+ OpenSSL Project OpenSSL 0.9.7 h
+ OpenSSL Project OpenSSL 0.9.7 g
+ OpenSSL Project OpenSSL 0.9.7 f
+ OpenSSL Project OpenSSL 0.9.7 e
+ OpenSSL Project OpenSSL 0.9.7 d
+ OpenSSL Project OpenSSL 0.9.7 c
+ OpenSSL Project OpenSSL 0.9.7 beta3
+ OpenSSL Project OpenSSL 0.9.7 beta2
+ OpenSSL Project OpenSSL 0.9.7 beta1
+ OpenSSL Project OpenSSL 0.9.7 b
+ OpenSSL Project OpenSSL 0.9.7 a
+ OpenSSL Project OpenSSL 0.9.7
+ OpenSSL Project OpenSSL 0.9.6 m
+ OpenSSL Project OpenSSL 0.9.6 l
+ OpenSSL Project OpenSSL 0.9.6 k
+ OpenSSL Project OpenSSL 0.9.6 j
+ OpenSSL Project OpenSSL 0.9.6 i
+ OpenSSL Project OpenSSL 0.9.6 h
+ OpenSSL Project OpenSSL 0.9.6 g
+ OpenSSL Project OpenSSL 0.9.6 f
+ OpenSSL Project OpenSSL 0.9.6 e
+ OpenSSL Project OpenSSL 0.9.6 d
+ OpenSSL Project OpenSSL 0.9.6 c
+ OpenSSL Project OpenSSL 0.9.6 b-36.8
+ OpenSSL Project OpenSSL 0.9.6 b
+ OpenSSL Project OpenSSL 0.9.6 a
+ OpenSSL Project OpenSSL 0.9.6
+ OpenSSL Project OpenSSL 0.9.5 a
+ OpenSSL Project OpenSSL 0.9.5
+ OpenSSL Project OpenSSL 0.9.4
+ OpenSSL Project OpenSSL 0.9.3
+ OpenSSL Project OpenSSL 0.9.2 b
+ OpenSSL Project OpenSSL 0.9.1 c
Astaro Security Linux 4.0 29


 

Privacy Statement
Copyright 2010, SecurityFocus