Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Published

2010-12-06T21:05:48.687

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openssl	openssl	< 0.9.8q	Yes
Application	openssl	openssl	< 1.0.0c	Yes
Operating System	fedoraproject	fedora	13	Yes
Operating System	fedoraproject	fedora	14	Yes
Operating System	debian	debian_linux	5.0	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	9.04	Yes
Operating System	canonical	ubuntu_linux	10.04	Yes
Operating System	canonical	ubuntu_linux	10.10	Yes
Operating System	opensuse	opensuse	11.1	Yes
Operating System	opensuse	opensuse	11.2	Yes
Operating System	opensuse	opensuse	11.3	Yes
Operating System	opensuse	opensuse	11.4	Yes
Operating System	suse	linux_enterprise	11.0	Yes
Operating System	suse	linux_enterprise_desktop	10	Yes
Operating System	suse	linux_enterprise_desktop	10	Yes
Operating System	suse	linux_enterprise_desktop	11	Yes
Operating System	suse	linux_enterprise_server	9	Yes
Operating System	suse	linux_enterprise_server	10	Yes
Operating System	suse	linux_enterprise_server	10	Yes
Application	f5	nginx	< 0.9.2	Yes

References

http://cvs.openssl.org/chngview?cn=20131 Broken Link, Patch ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 Broken Link ([email protected])
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 Broken Link ([email protected])
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html Broken Link, Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html Mailing List, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=129916880600544&w=2 Issue Tracking, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=129916880600544&w=2 Issue Tracking, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=130497251507577&w=2 Issue Tracking, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=130497251507577&w=2 Issue Tracking, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=132077688910227&w=2 Issue Tracking, Third Party Advisory ([email protected])
http://marc.info/?l=bugtraq&m=132077688910227&w=2 Issue Tracking, Third Party Advisory ([email protected])
http://openssl.org/news/secadv_20101202.txt Patch, Third Party Advisory ([email protected])
http://osvdb.org/69565 Broken Link ([email protected])
http://secunia.com/advisories/42469 Not Applicable ([email protected])
http://secunia.com/advisories/42473 Not Applicable ([email protected])
http://secunia.com/advisories/42493 Not Applicable ([email protected])
http://secunia.com/advisories/42571 Not Applicable ([email protected])
http://secunia.com/advisories/42620 Not Applicable ([email protected])
http://secunia.com/advisories/42811 Not Applicable ([email protected])
http://secunia.com/advisories/42877 Not Applicable ([email protected])
http://secunia.com/advisories/43169 Not Applicable ([email protected])
http://secunia.com/advisories/43170 Not Applicable ([email protected])
http://secunia.com/advisories/43171 Not Applicable ([email protected])
http://secunia.com/advisories/43172 Not Applicable ([email protected])
http://secunia.com/advisories/43173 Not Applicable ([email protected])
http://secunia.com/advisories/44269 Not Applicable ([email protected])
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471 Third Party Advisory ([email protected])
http://support.apple.com/kb/HT4723 Third Party Advisory ([email protected])
http://ubuntu.com/usn/usn-1029-1 Third Party Advisory ([email protected])
http://www.debian.org/security/2011/dsa-2141 Third Party Advisory ([email protected])
http://www.kb.cert.org/vuls/id/737740 Third Party Advisory, US Government Resource ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248 Permissions Required ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0977.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0978.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2010-0979.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0896.html Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/522176 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/522176 Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/45164 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1024822 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2010/3120 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2010/3122 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2010/3134 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2010/3188 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2011/0032 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2011/0076 Permissions Required ([email protected])
http://www.vupen.com/english/advisories/2011/0268 Permissions Required ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=659462 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910 Third Party Advisory ([email protected])
http://cvs.openssl.org/chngview?cn=20131 Broken Link, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html Broken Link, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=129916880600544&w=2 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=129916880600544&w=2 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=130497251507577&w=2 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=130497251507577&w=2 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=132077688910227&w=2 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=132077688910227&w=2 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://openssl.org/news/secadv_20101202.txt Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/69565 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42469 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42473 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42493 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42571 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42620 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42811 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42877 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43169 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43170 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43171 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43172 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43173 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/44269 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4723 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://ubuntu.com/usn/usn-1029-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2011/dsa-2141 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/737740 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0977.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0978.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2010-0979.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0896.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/522176 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/522176 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/45164 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1024822 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3120 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3122 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3134 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/3188 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0032 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0076 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0268 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=659462 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)