Test Kennung:	1.3.6.1.4.1.25623.1.0.55674
Kategorie:	Conectiva Local Security Checks
Titel:	Conectiva Security Advisory CLSA-2005:1038
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory CLSA-2005:1038. This announcement fixes two vulnerabilities in OpenSSL. Discovered by Yutaka Oiwa, the first could let a 'man in the middle' force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0. The second one is that OpenSSL used MD5 for creating message digests instead of a more cryptorgaphically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. The default configuration now is to use the SHA-1 algorithm. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001038 http://www.openssl.org/ Risk factor : Medium CVSS Score: 5.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2969 1015032 http://securitytracker.com/id?1015032 101974 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1 15071 http://www.securityfocus.com/bid/15071 15647 http://www.securityfocus.com/bid/15647 17146 http://secunia.com/advisories/17146 17151 http://secunia.com/advisories/17151 17153 http://secunia.com/advisories/17153 17169 http://secunia.com/advisories/17169 17178 http://secunia.com/advisories/17178 17180 http://secunia.com/advisories/17180 17189 http://secunia.com/advisories/17189 17191 http://secunia.com/advisories/17191 17210 http://secunia.com/advisories/17210 17259 http://secunia.com/advisories/17259 17288 http://secunia.com/advisories/17288 17335 http://secunia.com/advisories/17335 17344 http://secunia.com/advisories/17344 17389 http://secunia.com/advisories/17389 17409 http://secunia.com/advisories/17409 17432 http://secunia.com/advisories/17432 17466 http://secunia.com/advisories/17466 17589 http://secunia.com/advisories/17589 17617 http://secunia.com/advisories/17617 17632 http://secunia.com/advisories/17632 17813 http://secunia.com/advisories/17813 17888 http://secunia.com/advisories/17888 18045 http://secunia.com/advisories/18045 18123 http://secunia.com/advisories/18123 18165 http://secunia.com/advisories/18165 18663 http://secunia.com/advisories/18663 19185 http://secunia.com/advisories/19185 20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml 21827 http://secunia.com/advisories/21827 23280 http://secunia.com/advisories/23280 23340 http://secunia.com/advisories/23340 23843 http://secunia.com/advisories/23843 23915 http://secunia.com/advisories/23915 24799 http://www.securityfocus.com/bid/24799 25973 http://secunia.com/advisories/25973 26893 http://secunia.com/advisories/26893 31492 http://secunia.com/advisories/31492 ADV-2005-2036 http://www.vupen.com/english/advisories/2005/2036 ADV-2005-2659 http://www.vupen.com/english/advisories/2005/2659 ADV-2005-2710 http://www.vupen.com/english/advisories/2005/2710 ADV-2005-2908 http://www.vupen.com/english/advisories/2005/2908 ADV-2005-3002 http://www.vupen.com/english/advisories/2005/3002 ADV-2005-3056 http://www.vupen.com/english/advisories/2005/3056 ADV-2006-3531 http://www.vupen.com/english/advisories/2006/3531 ADV-2007-0326 http://www.vupen.com/english/advisories/2007/0326 ADV-2007-0343 http://www.vupen.com/english/advisories/2007/0343 ADV-2007-2457 http://www.vupen.com/english/advisories/2007/2457 APPLE-SA-2005-11-29 http://docs.info.apple.com/article.html?artnum=302847 DSA-875 http://www.debian.org/security/2005/dsa-875 DSA-881 http://www.debian.org/security/2005/dsa-881 DSA-882 http://www.debian.org/security/2005/dsa-882 HPSBUX02174 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 HPSBUX02186 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 MDKSA-2005:179 http://www.mandriva.com/security/advisories?name=MDKSA-2005:179 RHSA-2005:762 http://www.redhat.com/support/errata/RHSA-2005-762.html RHSA-2005:800 http://www.redhat.com/support/errata/RHSA-2005-800.html RHSA-2008:0629 http://www.redhat.com/support/errata/RHSA-2008-0629.html SSRT061239 SSRT071299 SUSE-SA:2005:061 http://www.novell.com/linux/security/advisories/2005_61_openssl.html TSLSA-2005-0059 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf hitachi-hicommand-security-bypass(35287) https://exchange.xforce.ibmcloud.com/vulnerabilities/35287 http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt http://www.openssl.org/news/secadv_20051011.txt https://issues.rpath.com/browse/RPL-1633 oval:org.mitre.oval:def:11454 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454 Common Vulnerability Exposure (CVE) ID: CVE-2005-2946 http://www.cits.rub.de/MD5Collisions/ https://bugzilla.ubuntu.com/show_bug.cgi?id=13593 http://www.ubuntu.com/usn/usn-179-1
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.