CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://cvs.openssl.org/chngview?cn=20131	Broken Link Patch
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777	Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777	Broken Link
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html	Broken Link Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=129916880600544&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=129916880600544&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=130497251507577&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=130497251507577&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=132077688910227&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=132077688910227&w=2	Issue Tracking Third Party Advisory
http://openssl.org/news/secadv_20101202.txt	Patch Third Party Advisory
http://osvdb.org/69565	Broken Link
http://secunia.com/advisories/42469	Not Applicable
http://secunia.com/advisories/42473	Not Applicable
http://secunia.com/advisories/42493	Not Applicable
http://secunia.com/advisories/42571	Not Applicable
http://secunia.com/advisories/42620	Not Applicable
http://secunia.com/advisories/42811	Not Applicable
http://secunia.com/advisories/42877	Not Applicable
http://secunia.com/advisories/43169	Not Applicable
http://secunia.com/advisories/43170	Not Applicable
http://secunia.com/advisories/43171	Not Applicable
http://secunia.com/advisories/43172	Not Applicable
http://secunia.com/advisories/43173	Not Applicable
http://secunia.com/advisories/44269	Not Applicable
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471	Third Party Advisory
http://support.apple.com/kb/HT4723	Third Party Advisory
http://ubuntu.com/usn/usn-1029-1	Third Party Advisory
http://www.debian.org/security/2011/dsa-2141	Third Party Advisory
http://www.kb.cert.org/vuls/id/737740	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248	Permissions Required
http://www.redhat.com/support/errata/RHSA-2010-0977.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0978.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0979.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0896.html	Vendor Advisory
http://www.securityfocus.com/archive/1/522176	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/522176	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45164	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024822	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/3120	Permissions Required
http://www.vupen.com/english/advisories/2010/3122	Permissions Required
http://www.vupen.com/english/advisories/2010/3134	Permissions Required
http://www.vupen.com/english/advisories/2010/3188	Permissions Required
http://www.vupen.com/english/advisories/2011/0032	Permissions Required
http://www.vupen.com/english/advisories/2011/0076	Permissions Required
http://www.vupen.com/english/advisories/2011/0268	Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=659462	Issue Tracking Patch Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910	Third Party Advisory
http://cvs.openssl.org/chngview?cn=20131	Broken Link Patch
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777	Broken Link
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777	Broken Link
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html	Broken Link Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html	Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=129916880600544&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=129916880600544&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=130497251507577&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=130497251507577&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=132077688910227&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=132077688910227&w=2	Issue Tracking Third Party Advisory
http://openssl.org/news/secadv_20101202.txt	Patch Third Party Advisory
http://osvdb.org/69565	Broken Link
http://secunia.com/advisories/42469	Not Applicable
http://secunia.com/advisories/42473	Not Applicable
http://secunia.com/advisories/42493	Not Applicable
http://secunia.com/advisories/42571	Not Applicable
http://secunia.com/advisories/42620	Not Applicable
http://secunia.com/advisories/42811	Not Applicable
http://secunia.com/advisories/42877	Not Applicable
http://secunia.com/advisories/43169	Not Applicable
http://secunia.com/advisories/43170	Not Applicable
http://secunia.com/advisories/43171	Not Applicable
http://secunia.com/advisories/43172	Not Applicable
http://secunia.com/advisories/43173	Not Applicable
http://secunia.com/advisories/44269	Not Applicable
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471	Third Party Advisory
http://support.apple.com/kb/HT4723	Third Party Advisory
http://ubuntu.com/usn/usn-1029-1	Third Party Advisory
http://www.debian.org/security/2011/dsa-2141	Third Party Advisory
http://www.kb.cert.org/vuls/id/737740	Third Party Advisory US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248	Permissions Required
http://www.redhat.com/support/errata/RHSA-2010-0977.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0978.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0979.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0896.html	Vendor Advisory
http://www.securityfocus.com/archive/1/522176	Third Party Advisory VDB Entry
http://www.securityfocus.com/archive/1/522176	Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/45164	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024822	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2010/3120	Permissions Required
http://www.vupen.com/english/advisories/2010/3122	Permissions Required
http://www.vupen.com/english/advisories/2010/3134	Permissions Required
http://www.vupen.com/english/advisories/2010/3188	Permissions Required
http://www.vupen.com/english/advisories/2011/0032	Permissions Required
http://www.vupen.com/english/advisories/2011/0076	Permissions Required
http://www.vupen.com/english/advisories/2011/0268	Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=659462	Issue Tracking Patch Third Party Advisory
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openssl:openssl::::::::
	cpe:2.3:a:openssl:openssl::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:13:::::::*
	cpe:2.3:o:fedoraproject:fedora:14:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:suse:linux_enterprise:11.0:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:::-:::*
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:9:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::-:::*
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*

Configuration 6 (hide)

cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2010-12-06 21:05

Updated : 2025-04-11 00:51

NVD link : CVE-2010-4180

Mitre link : CVE-2010-4180

CVE.ORG link : CVE-2010-4180

JSON object : View

Products Affected

suse

linux_enterprise_desktop
linux_enterprise
linux_enterprise_server

fedoraproject

fedora

debian

debian_linux

canonical

ubuntu_linux

nginx

openssl

openssl

opensuse

opensuse

CWE

NVD-CWE-noinfo

4.3 /10