Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2010-4180: OpenSSL: Multiple vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

Gentoo Linux: CVE-2010-4180: OpenSSL: Multiple vulnerabilities

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

12/06/2010

Created

07/25/2018

Added

10/30/2017

Modified

10/30/2017

Description

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Solution(s)

gentoo-linux-upgrade-dev-libs-openssl

References

https://attackerkb.com/topics/cve-2010-4180
APPLE-SA-2011-06-23-1
45164
737740
CVE - 2010-4180
DSA-2141
Category I
V0030769
V0033794
V0033884
201110-01
2011-A-0160
2012-A-0148
2012-A-0153
OVAL18910
RHSA-2010:0977
RHSA-2010:0978
RHSA-2010:0979
RHSA-2011:0896

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Gentoo Linux: CVE-2010-4180: OpenSSL: Multiple vulnerabilities

Gentoo Linux: CVE-2010-4180: OpenSSL: Multiple vulnerabilities

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.