Rapid7 Vulnerability & Exploit Database

SUSE Linux Security Vulnerability: CVE-2009-3555

Back to Search

SUSE Linux Security Vulnerability: CVE-2009-3555

Severity
6
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:P)
Published
11/09/2009
Created
07/25/2018
Added
02/17/2015
Modified
07/04/2017

Description

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

Solution(s)

  • suse-upgrade-autoconf213
  • suse-upgrade-beagle
  • suse-upgrade-beagle-devel
  • suse-upgrade-beagle-epiphany
  • suse-upgrade-beagle-evolution
  • suse-upgrade-beagle-firefox
  • suse-upgrade-beagle-google
  • suse-upgrade-beagle-gui
  • suse-upgrade-beagle-lang
  • suse-upgrade-beagle-thunderbird
  • suse-upgrade-compat-openssl097g
  • suse-upgrade-compat-openssl097g-32bit
  • suse-upgrade-compat-openssl097g-64bit
  • suse-upgrade-compat-openssl097g-x86
  • suse-upgrade-enigmail
  • suse-upgrade-gconf2
  • suse-upgrade-gconf2-32bit
  • suse-upgrade-gconf2-x86
  • suse-upgrade-gnutls
  • suse-upgrade-gnutls-32bit
  • suse-upgrade-gnutls-64bit
  • suse-upgrade-gnutls-devel
  • suse-upgrade-gnutls-devel-32bit
  • suse-upgrade-gnutls-devel-64bit
  • suse-upgrade-gnutls-x86
  • suse-upgrade-ibmjava2-jre
  • suse-upgrade-ibmjava2-sdk
  • suse-upgrade-ibmjava5-jre
  • suse-upgrade-ibmjava5-sdk
  • suse-upgrade-java-1_4_2-ibm
  • suse-upgrade-java-1_4_2-ibm-devel
  • suse-upgrade-java-1_4_2-ibm-jdbc
  • suse-upgrade-java-1_4_2-ibm-plugin
  • suse-upgrade-java-1_5_0-ibm
  • suse-upgrade-java-1_5_0-ibm-32bit
  • suse-upgrade-java-1_5_0-ibm-64bit
  • suse-upgrade-java-1_5_0-ibm-alsa
  • suse-upgrade-java-1_5_0-ibm-alsa-32bit
  • suse-upgrade-java-1_5_0-ibm-demo
  • suse-upgrade-java-1_5_0-ibm-devel
  • suse-upgrade-java-1_5_0-ibm-devel-32bit
  • suse-upgrade-java-1_5_0-ibm-fonts
  • suse-upgrade-java-1_5_0-ibm-jdbc
  • suse-upgrade-java-1_5_0-ibm-plugin
  • suse-upgrade-java-1_5_0-ibm-src
  • suse-upgrade-java-1_6_0-ibm
  • suse-upgrade-java-1_6_0-ibm-32bit
  • suse-upgrade-java-1_6_0-ibm-64bit
  • suse-upgrade-java-1_6_0-ibm-alsa
  • suse-upgrade-java-1_6_0-ibm-alsa-32bit
  • suse-upgrade-java-1_6_0-ibm-devel
  • suse-upgrade-java-1_6_0-ibm-devel-32bit
  • suse-upgrade-java-1_6_0-ibm-fonts
  • suse-upgrade-java-1_6_0-ibm-jdbc
  • suse-upgrade-java-1_6_0-ibm-plugin
  • suse-upgrade-java-1_6_0-ibm-plugin-32bit
  • suse-upgrade-java-1_6_0-openjdk
  • suse-upgrade-java-1_6_0-openjdk-demo
  • suse-upgrade-java-1_6_0-openjdk-devel
  • suse-upgrade-java-1_6_0-openjdk-javadoc
  • suse-upgrade-java-1_6_0-openjdk-plugin
  • suse-upgrade-java-1_6_0-openjdk-src
  • suse-upgrade-java-1_6_0-sun
  • suse-upgrade-java-1_6_0-sun-32bit
  • suse-upgrade-java-1_6_0-sun-alsa
  • suse-upgrade-java-1_6_0-sun-demo
  • suse-upgrade-java-1_6_0-sun-devel
  • suse-upgrade-java-1_6_0-sun-jdbc
  • suse-upgrade-java-1_6_0-sun-plugin
  • suse-upgrade-java-1_6_0-sun-plugin-32bit
  • suse-upgrade-java-1_6_0-sun-src
  • suse-upgrade-libfreebl3
  • suse-upgrade-libfreebl3-32bit
  • suse-upgrade-libfreebl3-64bit
  • suse-upgrade-libfreebl3-x86
  • suse-upgrade-libgnutls-devel
  • suse-upgrade-libgnutls-extra-devel
  • suse-upgrade-libgnutls-extra26
  • suse-upgrade-libgnutls26
  • suse-upgrade-libgnutls26-32bit
  • suse-upgrade-libgnutls26-64bit
  • suse-upgrade-libgnutls26-x86
  • suse-upgrade-libidl
  • suse-upgrade-libidl-32bit
  • suse-upgrade-libidl-x86
  • suse-upgrade-libopenssl-devel
  • suse-upgrade-libopenssl0_9_8
  • suse-upgrade-libopenssl0_9_8-32bit
  • suse-upgrade-libopenssl0_9_8-64bit
  • suse-upgrade-libopenssl0_9_8-x86
  • suse-upgrade-mhtml-firefox
  • suse-upgrade-mozilla-nspr
  • suse-upgrade-mozilla-nspr-32bit
  • suse-upgrade-mozilla-nspr-devel
  • suse-upgrade-mozilla-nspr-x86
  • suse-upgrade-mozilla-nss
  • suse-upgrade-mozilla-nss-32bit
  • suse-upgrade-mozilla-nss-64bit
  • suse-upgrade-mozilla-nss-devel
  • suse-upgrade-mozilla-nss-tools
  • suse-upgrade-mozilla-nss-x86
  • suse-upgrade-mozilla-xulrunner190
  • suse-upgrade-mozilla-xulrunner190-32bit
  • suse-upgrade-mozilla-xulrunner190-64bit
  • suse-upgrade-mozilla-xulrunner190-devel
  • suse-upgrade-mozilla-xulrunner190-gnomevfs
  • suse-upgrade-mozilla-xulrunner190-gnomevfs-32bit
  • suse-upgrade-mozilla-xulrunner190-gnomevfs-64bit
  • suse-upgrade-mozilla-xulrunner190-translations
  • suse-upgrade-mozilla-xulrunner190-translations-32bit
  • suse-upgrade-mozilla-xulrunner190-translations-64bit
  • suse-upgrade-mozilla-xulrunner190-x86
  • suse-upgrade-mozilla-xulrunner191
  • suse-upgrade-mozilla-xulrunner191-32bit
  • suse-upgrade-mozilla-xulrunner191-64bit
  • suse-upgrade-mozilla-xulrunner191-devel
  • suse-upgrade-mozilla-xulrunner191-gnomevfs
  • suse-upgrade-mozilla-xulrunner191-gnomevfs-32bit
  • suse-upgrade-mozilla-xulrunner191-gnomevfs-64bit
  • suse-upgrade-mozilla-xulrunner191-translations
  • suse-upgrade-mozilla-xulrunner191-translations-32bit
  • suse-upgrade-mozilla-xulrunner191-translations-common
  • suse-upgrade-mozilla-xulrunner191-translations-other
  • suse-upgrade-mozilla-xulrunner191-x86
  • suse-upgrade-mozilla-xulrunner192
  • suse-upgrade-mozilla-xulrunner192-32bit
  • suse-upgrade-mozilla-xulrunner192-gnome
  • suse-upgrade-mozilla-xulrunner192-translations
  • suse-upgrade-mozilla-xulrunner192-x86
  • suse-upgrade-mozillafirefox
  • suse-upgrade-mozillafirefox-branding-opensuse
  • suse-upgrade-mozillafirefox-branding-sled
  • suse-upgrade-mozillafirefox-branding-upstream
  • suse-upgrade-mozillafirefox-translations
  • suse-upgrade-mozillafirefox-translations-common
  • suse-upgrade-mozillafirefox-translations-other
  • suse-upgrade-mozillathunderbird
  • suse-upgrade-mozillathunderbird-devel
  • suse-upgrade-mozillathunderbird-translations-common
  • suse-upgrade-mozillathunderbird-translations-other
  • suse-upgrade-openssl
  • suse-upgrade-openssl-32bit
  • suse-upgrade-openssl-64bit
  • suse-upgrade-openssl-certs
  • suse-upgrade-openssl-devel
  • suse-upgrade-openssl-devel-32bit
  • suse-upgrade-openssl-devel-64bit
  • suse-upgrade-openssl-doc
  • suse-upgrade-openssl-x86
  • suse-upgrade-orbit2
  • suse-upgrade-orbit2-32bit
  • suse-upgrade-orbit2-x86
  • suse-upgrade-python-xpcom190
  • suse-upgrade-python-xpcom191
  • suse-upgrade-sap-aio-release
  • suse-upgrade-seamonkey
  • suse-upgrade-seamonkey-dom-inspector
  • suse-upgrade-seamonkey-irc
  • suse-upgrade-seamonkey-venkman
  • suse-upgrade-zlib
  • suse-upgrade-zlib-32bit
  • suse-upgrade-zlib-x86

References

  • suse-upgrade-autoconf213
  • suse-upgrade-beagle
  • suse-upgrade-beagle-devel
  • suse-upgrade-beagle-epiphany
  • suse-upgrade-beagle-evolution
  • suse-upgrade-beagle-firefox
  • suse-upgrade-beagle-google
  • suse-upgrade-beagle-gui
  • suse-upgrade-beagle-lang
  • suse-upgrade-beagle-thunderbird
  • suse-upgrade-compat-openssl097g
  • suse-upgrade-compat-openssl097g-32bit
  • suse-upgrade-compat-openssl097g-64bit
  • suse-upgrade-compat-openssl097g-x86
  • suse-upgrade-enigmail
  • suse-upgrade-gconf2
  • suse-upgrade-gconf2-32bit
  • suse-upgrade-gconf2-x86
  • suse-upgrade-gnutls
  • suse-upgrade-gnutls-32bit
  • suse-upgrade-gnutls-64bit
  • suse-upgrade-gnutls-devel
  • suse-upgrade-gnutls-devel-32bit
  • suse-upgrade-gnutls-devel-64bit
  • suse-upgrade-gnutls-x86
  • suse-upgrade-ibmjava2-jre
  • suse-upgrade-ibmjava2-sdk
  • suse-upgrade-ibmjava5-jre
  • suse-upgrade-ibmjava5-sdk
  • suse-upgrade-java-1_4_2-ibm
  • suse-upgrade-java-1_4_2-ibm-devel
  • suse-upgrade-java-1_4_2-ibm-jdbc
  • suse-upgrade-java-1_4_2-ibm-plugin
  • suse-upgrade-java-1_5_0-ibm
  • suse-upgrade-java-1_5_0-ibm-32bit
  • suse-upgrade-java-1_5_0-ibm-64bit
  • suse-upgrade-java-1_5_0-ibm-alsa
  • suse-upgrade-java-1_5_0-ibm-alsa-32bit
  • suse-upgrade-java-1_5_0-ibm-demo
  • suse-upgrade-java-1_5_0-ibm-devel
  • suse-upgrade-java-1_5_0-ibm-devel-32bit
  • suse-upgrade-java-1_5_0-ibm-fonts
  • suse-upgrade-java-1_5_0-ibm-jdbc
  • suse-upgrade-java-1_5_0-ibm-plugin
  • suse-upgrade-java-1_5_0-ibm-src
  • suse-upgrade-java-1_6_0-ibm
  • suse-upgrade-java-1_6_0-ibm-32bit
  • suse-upgrade-java-1_6_0-ibm-64bit
  • suse-upgrade-java-1_6_0-ibm-alsa
  • suse-upgrade-java-1_6_0-ibm-alsa-32bit
  • suse-upgrade-java-1_6_0-ibm-devel
  • suse-upgrade-java-1_6_0-ibm-devel-32bit
  • suse-upgrade-java-1_6_0-ibm-fonts
  • suse-upgrade-java-1_6_0-ibm-jdbc
  • suse-upgrade-java-1_6_0-ibm-plugin
  • suse-upgrade-java-1_6_0-ibm-plugin-32bit
  • suse-upgrade-java-1_6_0-openjdk
  • suse-upgrade-java-1_6_0-openjdk-demo
  • suse-upgrade-java-1_6_0-openjdk-devel
  • suse-upgrade-java-1_6_0-openjdk-javadoc
  • suse-upgrade-java-1_6_0-openjdk-plugin
  • suse-upgrade-java-1_6_0-openjdk-src
  • suse-upgrade-java-1_6_0-sun
  • suse-upgrade-java-1_6_0-sun-32bit
  • suse-upgrade-java-1_6_0-sun-alsa
  • suse-upgrade-java-1_6_0-sun-demo
  • suse-upgrade-java-1_6_0-sun-devel
  • suse-upgrade-java-1_6_0-sun-jdbc
  • suse-upgrade-java-1_6_0-sun-plugin
  • suse-upgrade-java-1_6_0-sun-plugin-32bit
  • suse-upgrade-java-1_6_0-sun-src
  • suse-upgrade-libfreebl3
  • suse-upgrade-libfreebl3-32bit
  • suse-upgrade-libfreebl3-64bit
  • suse-upgrade-libfreebl3-x86
  • suse-upgrade-libgnutls-devel
  • suse-upgrade-libgnutls-extra-devel
  • suse-upgrade-libgnutls-extra26
  • suse-upgrade-libgnutls26
  • suse-upgrade-libgnutls26-32bit
  • suse-upgrade-libgnutls26-64bit
  • suse-upgrade-libgnutls26-x86
  • suse-upgrade-libidl
  • suse-upgrade-libidl-32bit
  • suse-upgrade-libidl-x86
  • suse-upgrade-libopenssl-devel
  • suse-upgrade-libopenssl0_9_8
  • suse-upgrade-libopenssl0_9_8-32bit
  • suse-upgrade-libopenssl0_9_8-64bit
  • suse-upgrade-libopenssl0_9_8-x86
  • suse-upgrade-mhtml-firefox
  • suse-upgrade-mozilla-nspr
  • suse-upgrade-mozilla-nspr-32bit
  • suse-upgrade-mozilla-nspr-devel
  • suse-upgrade-mozilla-nspr-x86
  • suse-upgrade-mozilla-nss
  • suse-upgrade-mozilla-nss-32bit
  • suse-upgrade-mozilla-nss-64bit
  • suse-upgrade-mozilla-nss-devel
  • suse-upgrade-mozilla-nss-tools
  • suse-upgrade-mozilla-nss-x86
  • suse-upgrade-mozilla-xulrunner190
  • suse-upgrade-mozilla-xulrunner190-32bit
  • suse-upgrade-mozilla-xulrunner190-64bit
  • suse-upgrade-mozilla-xulrunner190-devel
  • suse-upgrade-mozilla-xulrunner190-gnomevfs
  • suse-upgrade-mozilla-xulrunner190-gnomevfs-32bit
  • suse-upgrade-mozilla-xulrunner190-gnomevfs-64bit
  • suse-upgrade-mozilla-xulrunner190-translations
  • suse-upgrade-mozilla-xulrunner190-translations-32bit
  • suse-upgrade-mozilla-xulrunner190-translations-64bit
  • suse-upgrade-mozilla-xulrunner190-x86
  • suse-upgrade-mozilla-xulrunner191
  • suse-upgrade-mozilla-xulrunner191-32bit
  • suse-upgrade-mozilla-xulrunner191-64bit
  • suse-upgrade-mozilla-xulrunner191-devel
  • suse-upgrade-mozilla-xulrunner191-gnomevfs
  • suse-upgrade-mozilla-xulrunner191-gnomevfs-32bit
  • suse-upgrade-mozilla-xulrunner191-gnomevfs-64bit
  • suse-upgrade-mozilla-xulrunner191-translations
  • suse-upgrade-mozilla-xulrunner191-translations-32bit
  • suse-upgrade-mozilla-xulrunner191-translations-common
  • suse-upgrade-mozilla-xulrunner191-translations-other
  • suse-upgrade-mozilla-xulrunner191-x86
  • suse-upgrade-mozilla-xulrunner192
  • suse-upgrade-mozilla-xulrunner192-32bit
  • suse-upgrade-mozilla-xulrunner192-gnome
  • suse-upgrade-mozilla-xulrunner192-translations
  • suse-upgrade-mozilla-xulrunner192-x86
  • suse-upgrade-mozillafirefox
  • suse-upgrade-mozillafirefox-branding-opensuse
  • suse-upgrade-mozillafirefox-branding-sled
  • suse-upgrade-mozillafirefox-branding-upstream
  • suse-upgrade-mozillafirefox-translations
  • suse-upgrade-mozillafirefox-translations-common
  • suse-upgrade-mozillafirefox-translations-other
  • suse-upgrade-mozillathunderbird
  • suse-upgrade-mozillathunderbird-devel
  • suse-upgrade-mozillathunderbird-translations-common
  • suse-upgrade-mozillathunderbird-translations-other
  • suse-upgrade-openssl
  • suse-upgrade-openssl-32bit
  • suse-upgrade-openssl-64bit
  • suse-upgrade-openssl-certs
  • suse-upgrade-openssl-devel
  • suse-upgrade-openssl-devel-32bit
  • suse-upgrade-openssl-devel-64bit
  • suse-upgrade-openssl-doc
  • suse-upgrade-openssl-x86
  • suse-upgrade-orbit2
  • suse-upgrade-orbit2-32bit
  • suse-upgrade-orbit2-x86
  • suse-upgrade-python-xpcom190
  • suse-upgrade-python-xpcom191
  • suse-upgrade-sap-aio-release
  • suse-upgrade-seamonkey
  • suse-upgrade-seamonkey-dom-inspector
  • suse-upgrade-seamonkey-irc
  • suse-upgrade-seamonkey-venkman
  • suse-upgrade-zlib
  • suse-upgrade-zlib-32bit
  • suse-upgrade-zlib-x86

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;