Rapid7 Vulnerability & Exploit Database

ELSA-2010-0978 Moderate: Oracle Linux openssl security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2010-0978 Moderate: Oracle Linux openssl security update

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

12/06/2010

Created

07/25/2018

Added

12/20/2011

Modified

04/11/2019

Description

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

Solution(s)

oracle-linux-upgrade-openssl
oracle-linux-upgrade-openssl-devel
oracle-linux-upgrade-openssl-perl

References

https://attackerkb.com/topics/cve-2010-4180
APPLE-SA-2011-06-23-1
45164
737740
CVE - 2010-4180
DSA-2141
Category I
V0030769
V0033794
V0033884
2011-A-0160
2012-A-0148
2012-A-0153
OVAL18910
RHSA-2010:0977
RHSA-2010:0978
RHSA-2010:0979
RHSA-2011:0896
http://oss.oracle.com/pipermail/el-errata/2010-December/001771.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

ELSA-2010-0978 Moderate: Oracle Linux openssl security update

ELSA-2010-0978 Moderate: Oracle Linux openssl security update

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.