Test ID:	1.3.6.1.4.1.25623.1.0.55570
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2005:800
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2005:800. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. This work-around is enabled in most servers that use OpenSSL to provide support for SSL and TLS. Yutaka Oiwa discovered that this work-around could allow an attacker, acting as a man in the middle to force an SSL connection to use SSL 2.0 rather than a stronger protocol such as SSL 3.0 or TLS 1.0. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2969 to this issue. A bug was also fixed in the way OpenSSL creates DSA signatures. A cache timing attack was fixed in RHSA-2005-476 which caused OpenSSL to do private key calculations with a fixed time window. The DSA fix for this was not complete and the calculations are not always performed within a fixed-window. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0109 to this issue. Users are advised to upgrade to these updated packages, which remove the MISE 3.0.2 work-around and contain patches to correct these issues. Note: After installing this update, users are advised to either restart all services that use OpenSSL or restart their system. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-800.html Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2969 1015032 http://securitytracker.com/id?1015032 101974 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1 15071 http://www.securityfocus.com/bid/15071 15647 http://www.securityfocus.com/bid/15647 17146 http://secunia.com/advisories/17146 17151 http://secunia.com/advisories/17151 17153 http://secunia.com/advisories/17153 17169 http://secunia.com/advisories/17169 17178 http://secunia.com/advisories/17178 17180 http://secunia.com/advisories/17180 17189 http://secunia.com/advisories/17189 17191 http://secunia.com/advisories/17191 17210 http://secunia.com/advisories/17210 17259 http://secunia.com/advisories/17259 17288 http://secunia.com/advisories/17288 17335 http://secunia.com/advisories/17335 17344 http://secunia.com/advisories/17344 17389 http://secunia.com/advisories/17389 17409 http://secunia.com/advisories/17409 17432 http://secunia.com/advisories/17432 17466 http://secunia.com/advisories/17466 17589 http://secunia.com/advisories/17589 17617 http://secunia.com/advisories/17617 17632 http://secunia.com/advisories/17632 17813 http://secunia.com/advisories/17813 17888 http://secunia.com/advisories/17888 18045 http://secunia.com/advisories/18045 18123 http://secunia.com/advisories/18123 18165 http://secunia.com/advisories/18165 18663 http://secunia.com/advisories/18663 19185 http://secunia.com/advisories/19185 20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml 21827 http://secunia.com/advisories/21827 23280 http://secunia.com/advisories/23280 23340 http://secunia.com/advisories/23340 23843 http://secunia.com/advisories/23843 23915 http://secunia.com/advisories/23915 24799 http://www.securityfocus.com/bid/24799 25973 http://secunia.com/advisories/25973 26893 http://secunia.com/advisories/26893 31492 http://secunia.com/advisories/31492 ADV-2005-2036 http://www.vupen.com/english/advisories/2005/2036 ADV-2005-2659 http://www.vupen.com/english/advisories/2005/2659 ADV-2005-2710 http://www.vupen.com/english/advisories/2005/2710 ADV-2005-2908 http://www.vupen.com/english/advisories/2005/2908 ADV-2005-3002 http://www.vupen.com/english/advisories/2005/3002 ADV-2005-3056 http://www.vupen.com/english/advisories/2005/3056 ADV-2006-3531 http://www.vupen.com/english/advisories/2006/3531 ADV-2007-0326 http://www.vupen.com/english/advisories/2007/0326 ADV-2007-0343 http://www.vupen.com/english/advisories/2007/0343 ADV-2007-2457 http://www.vupen.com/english/advisories/2007/2457 APPLE-SA-2005-11-29 http://docs.info.apple.com/article.html?artnum=302847 DSA-875 http://www.debian.org/security/2005/dsa-875 DSA-881 http://www.debian.org/security/2005/dsa-881 DSA-882 http://www.debian.org/security/2005/dsa-882 HPSBUX02174 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100 HPSBUX02186 http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540 MDKSA-2005:179 http://www.mandriva.com/security/advisories?name=MDKSA-2005:179 RHSA-2005:762 http://www.redhat.com/support/errata/RHSA-2005-762.html RHSA-2005:800 http://www.redhat.com/support/errata/RHSA-2005-800.html RHSA-2008:0629 http://www.redhat.com/support/errata/RHSA-2008-0629.html SSRT061239 SSRT071299 SUSE-SA:2005:061 http://www.novell.com/linux/security/advisories/2005_61_openssl.html TSLSA-2005-0059 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf hitachi-hicommand-security-bypass(35287) https://exchange.xforce.ibmcloud.com/vulnerabilities/35287 http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754 http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt http://www.openssl.org/news/secadv_20051011.txt https://issues.rpath.com/browse/RPL-1633 oval:org.mitre.oval:def:11454 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454 Common Vulnerability Exposure (CVE) ID: CVE-2005-0109 BugTraq ID: 12724 http://www.securityfocus.com/bid/12724 CERT/CC vulnerability note: VU#911878 http://www.kb.cert.org/vuls/id/911878 FreeBSD Security Advisory: FreeBSD-SA-05:09 http://www.daemonology.net/hyperthreading-considered-harmful/ http://www.daemonology.net/papers/htt.pdf http://marc.info/?l=freebsd-hackers&m=110994026421858&w=2 http://marc.info/?l=freebsd-security&m=110994370429609&w=2 http://marc.info/?l=openbsd-misc&m=110995101417256&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9747 http://www.redhat.com/support/errata/RHSA-2005-476.html SCO Security Bulletin: SCOSA-2005.24 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt http://securitytracker.com/id?1013967 http://secunia.com/advisories/15348 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1 http://www.vupen.com/english/advisories/2005/0540
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.