CVE-2010-4180:openssl: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, whe...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-4180

openssl: OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, whe...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4180

Original

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the use of an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-12-06

Source Information Category:

Advisory, Alert

Last Updated:

2010-12-07

Affected Product Tags

cpe:/a:openssl:openssl:0.9.1c

cpe:/a:openssl:openssl:0.9.2b

cpe:/a:openssl:openssl:0.9.3

cpe:/a:openssl:openssl:0.9.3a

cpe:/a:openssl:openssl:0.9.4

cpe:/a:openssl:openssl:0.9.5

cpe:/a:openssl:openssl:0.9.5:beta1

cpe:/a:openssl:openssl:0.9.5:beta2

cpe:/a:openssl:openssl:0.9.5a

cpe:/a:openssl:openssl:0.9.5a:beta1

cpe:/a:openssl:openssl:0.9.5a:beta2

cpe:/a:openssl:openssl:0.9.6

cpe:/a:openssl:openssl:0.9.6:beta1

cpe:/a:openssl:openssl:0.9.6:beta2

cpe:/a:openssl:openssl:0.9.6:beta3

cpe:/a:openssl:openssl:0.9.6a

cpe:/a:openssl:openssl:0.9.6a:beta1

cpe:/a:openssl:openssl:0.9.6a:beta2

cpe:/a:openssl:openssl:0.9.6a:beta3

cpe:/a:openssl:openssl:0.9.6b

cpe:/a:openssl:openssl:0.9.6c

cpe:/a:openssl:openssl:0.9.6d

cpe:/a:openssl:openssl:0.9.6e

cpe:/a:openssl:openssl:0.9.6f

cpe:/a:openssl:openssl:0.9.6g

cpe:/a:openssl:openssl:0.9.6h

cpe:/a:openssl:openssl:0.9.6i

cpe:/a:openssl:openssl:0.9.6j

cpe:/a:openssl:openssl:0.9.6k

cpe:/a:openssl:openssl:0.9.6l

cpe:/a:openssl:openssl:0.9.6m

cpe:/a:openssl:openssl:0.9.7

cpe:/a:openssl:openssl:0.9.7:beta1

cpe:/a:openssl:openssl:0.9.7:beta2

cpe:/a:openssl:openssl:0.9.7:beta3

cpe:/a:openssl:openssl:0.9.7:beta4

cpe:/a:openssl:openssl:0.9.7:beta5

cpe:/a:openssl:openssl:0.9.7:beta6

cpe:/a:openssl:openssl:0.9.7a

cpe:/a:openssl:openssl:0.9.7b

cpe:/a:openssl:openssl:0.9.7c

cpe:/a:openssl:openssl:0.9.7d

cpe:/a:openssl:openssl:0.9.7e

cpe:/a:openssl:openssl:0.9.7f

cpe:/a:openssl:openssl:0.9.7g

cpe:/a:openssl:openssl:0.9.7h

cpe:/a:openssl:openssl:0.9.7i

cpe:/a:openssl:openssl:0.9.7j

cpe:/a:openssl:openssl:0.9.7k

cpe:/a:openssl:openssl:0.9.7l

cpe:/a:openssl:openssl:0.9.7m

cpe:/a:openssl:openssl:0.9.8

cpe:/a:openssl:openssl:0.9.8a

cpe:/a:openssl:openssl:0.9.8b

cpe:/a:openssl:openssl:0.9.8c

cpe:/a:openssl:openssl:0.9.8d

cpe:/a:openssl:openssl:0.9.8e

cpe:/a:openssl:openssl:0.9.8f

cpe:/a:openssl:openssl:0.9.8g

cpe:/a:openssl:openssl:0.9.8h

cpe:/a:openssl:openssl:0.9.8i

cpe:/a:openssl:openssl:0.9.8j

cpe:/a:openssl:openssl:0.9.8k

cpe:/a:openssl:openssl:0.9.8l

cpe:/a:openssl:openssl:0.9.8m

cpe:/a:openssl:openssl:0.9.8n

cpe:/a:openssl:openssl:0.9.8o

cpe:/a:openssl:openssl:0.9.8p and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=659462

CONFIRM http://openssl.org/news/secadv_20101202.txt

CONFIRM http://cvs.openssl.org/chngview?cn=20131

Vulnerability Type Cryptographic Issues (CWE-310)