var-200901-0714
Vulnerability from variot
OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. F5's FirePass server is a powerful network device that can provide users with secure access to the company's network through any standard web browser. F5 FirePass products have unidentified security vulnerabilities, allowing malicious users to conduct fraud and forgery attacks. OpenSSL is prone to a signature-verification vulnerability. An attacker would likely leverage this issue to conduct phishing attacks or impersonate legitimate sites. Other attacks are also possible. Releases prior to OpenSSL 0.9.8j are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
============================================================================= FreeBSD-SA-09:02.openssl Security Advisory The FreeBSD Project
Topic: OpenSSL incorrectly checks for malformed signatures
Category: contrib Module: openssl Announced: 2009-01-07 Credits: Google Security Team Affects: All FreeBSD releases Corrected: 2009-01-07 21:03:41 UTC (RELENG_7, 7.1-STABLE) 2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1) 2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8) 2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE) 2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2) 2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8) CVE Name: CVE-2008-5077
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.
II. Problem Description
The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. This is only a problem for DSA and ECDSA keys.
III. Impact
For applications using OpenSSL for SSL connections, an invalid SSL certificate may be interpreted as valid. This could for example be used by an attacker to perform a man-in-the-middle attack.
Other applications which use the OpenSSL EVP API may similarly be affected.
IV. Workaround
For a server an RSA signed certificate may be used instead of DSA or ECDSA based certificate.
Note that Mozilla Firefox does not use OpenSSL and thus is not affected. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.0, and 7.1 systems.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
[FreeBSD 7.x]
fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch
fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc
[FreeBSD 6.x]
fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch
fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc
b) Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
cd /usr/src/secure/lib/libssl
make obj && make depend && make && make install
cd /usr/src/secure/usr.bin/openssl
make obj && make depend && make && make install
NOTE: On the amd64 platform, the above procedure will not update the
lib32 (i386 compatibility) libraries. On amd64 systems where the i386
compatibility libraries are used, the operating system should instead
be recompiled as described in
VI. Correction details
The following list contains the revision numbers of each file that was corrected in FreeBSD.
CVS:
Branch Revision Path
RELENG_6 src/crypto/openssl/apps/speed.c 1.13.2.1 src/crypto/openssl/apps/verify.c 1.1.1.5.12.1 src/crypto/openssl/apps/x509.c 1.1.1.10.2.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.12.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.2.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.2 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.5 src/sys/conf/newvers.sh 1.69.2.18.2.8 src/crypto/openssl/apps/speed.c 1.13.12.1 src/crypto/openssl/apps/verify.c 1.1.1.5.24.1 src/crypto/openssl/apps/x509.c 1.1.1.10.12.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.24.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.12.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.12.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.6.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.13 src/sys/conf/newvers.sh 1.69.2.15.2.12 src/crypto/openssl/apps/speed.c 1.13.10.1 src/crypto/openssl/apps/verify.c 1.1.1.5.22.1 src/crypto/openssl/apps/x509.c 1.1.1.10.10.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.22.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.10.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.10.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.4.1 RELENG_7 src/crypto/openssl/apps/speed.c 1.15.2.1 src/crypto/openssl/apps/verify.c 1.1.1.6.2.1 src/crypto/openssl/apps/x509.c 1.1.1.11.2.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.2.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.2.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.2.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.2.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.4 src/sys/conf/newvers.sh 1.72.2.9.2.5 src/crypto/openssl/apps/speed.c 1.15.6.1 src/crypto/openssl/apps/verify.c 1.1.1.6.6.1 src/crypto/openssl/apps/x509.c 1.1.1.11.6.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.6.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.6.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.6.1 RELENG_7_0 src/UPDATING 1.507.2.3.2.12 src/sys/conf/newvers.sh 1.72.2.5.2.12 src/crypto/openssl/apps/speed.c 1.15.4.1 src/crypto/openssl/apps/verify.c 1.1.1.6.4.1 src/crypto/openssl/apps/x509.c 1.1.1.11.4.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.4.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.4.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.4.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.4.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.4.1
Subversion:
Branch/path Revision
stable/6/ r186873 releng/6.4/ r186872 releng/6.3/ r186872 stable/7/ r186872 releng/7.1/ r186872 releng/7.0/ r186872
VII.
Release Date: 2009-05-14 Last Updated: 2009-05-14
Potential Security Impact: Remote cross site scripting (XSS), unauthorized access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows running PHP and OpenSSL. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and unauthorized access.
References: CVE-2008-5077, CVE-2008-5814
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v3.0.1.73 running on Linux and Windows 2003, 2008.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2008-5077 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5814 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided System Management Homepage (SMH) v3.0.1.73 or subsequent to resolve these vulnerabilities. SMH vv3.0.1.73 is available from the following web sites:
HP System Management Homepage for Linux (x86) v3.0.1.73) can be downloaded from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-b35b8e125d17427fa8a74e9ef6
HP System Management Homepage for Linux (AMD64/EM64T) v3.0.1.73 can be downloaded from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-d7bcce2dc82d43daaec308eb40
HP System Management Homepage for Windows v3.0.1.73 can be downloaded from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-8300d57bb5424791b0e61652e8
PRODUCT SPECIFIC INFORMATION None
HISTORY Version:1 (rev.1) - 14 May 2009 Initial Release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0004 Synopsis: ESX Service Console updates for openssl, bind, and vim Issue date: 2009-03-31 Updated on: 2009-03-31 (initial release of advisory) CVE numbers: CVE-2008-5077 CVE-2009-0025 CVE-2008-4101 CVE-2008-3432 CVE-2008-2712 CVE-2007-2953
- Summary
ESX patches for OpenSSL, vim and bind resolve several security issues.
- Relevant releases
VMware ESX 3.0.3 without patches ESX303-200903406-SG, ESX303-200903405-SG, ESX303-200903403-SG
VMware ESX 3.0.2 without patches ESX-1008409, ESX-1008408, ESX-1008406
Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available.
- Problem Description
a. Updated OpenSSL package for the Service Console fixes a security issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-5077 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX ESX303-200903406-SG
ESX 3.0.2 ESX ESX-1008409
ESX 2.5.5 ESX affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. Update bind package for the Service Console fixes a security issue.
A flaw was discovered in the way Berkeley Internet Name Domain
(BIND) checked the return value of the OpenSSL DSA_do_verify
function.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0025 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX ESX303-200903405-SG
ESX 3.0.2 ESX ESX-1008408
ESX 2.5.5 ESX affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
c. Updated vim package for the Service Console addresses several security issues.
Several input flaws were found in Visual editor IMproved's (Vim)
keyword and tag handling. If Vim looked up a document's maliciously
crafted tag or keyword, it was possible to execute arbitrary code as
the user running Vim.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-4101 to this issue.
A heap-based overflow flaw was discovered in Vim's expansion of file
name patterns with shell wildcards. An attacker could create a
specially crafted file or directory name, when opened by Vim causes
the application to stop responding or execute arbitrary code.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-3432 to this issue.
Several input flaws were found in various Vim system functions. If a
user opened a specially crafted file, it was possible to execute
arbitrary code as the user running Vim.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2008-2712 to this issue.
A format string flaw was discovered in Vim's help tag processor. If
a user was tricked into executing the "helptags" command on
malicious data, arbitrary code could be executed with the
permissions of the user running VIM.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2007-2953 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 3.5 ESXi not affected
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX ESX303-200903403-SG
ESX 3.0.2 ESX ESX-1008406
ESX 2.5.5 ESX affected, patch pending
-
hosted products are VMware Workstation, Player, ACE, Server, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
ESX
ESX 3.0.2 ESX-1008409 (openssl) http://download3.vmware.com/software/vi/ESX-1008409.tgz md5sum: cb25fd47bc0713b968d8778c033bc846 http://kb.vmware.com/kb/1008409
ESX 3.0.2 ESX-1008408 (bind) http://download3.vmware.com/software/vi/ESX-1008408.tgz md5sum: b6bd9193892a9c89b9b7a1e0456d2a9a http://kb.vmware.com/kb/1008408
ESX 3.0.2 ESX-1008406 (vim) http://download3.vmware.com/software/vi/ESX-1008406.tgz md5sum: f069daa58190b39e431cedbd26ce25ef http://kb.vmware.com/kb/1008406
ESX 3.0.3 ESX303-200903406-SG (openssl) http://download3.vmware.com/software/vi/ESX303-200903406-SG.zip md5sum: 45a2d32f9267deb5e743366c38652c92 http://kb.vmware.com/kb/1008416
ESX 3.0.3 ESX303-200903405-SG (bind) http://download3.vmware.com/software/vi/ESX303-200903405-SG.zip md5sum: 34d00fd9cca7f3e08c0857b4cc254710 http://kb.vmware.com/kb/1008415
ESX 3.0.3 ESX303-200903403-SG (vim) http://download3.vmware.com/software/vi/ESX303-200903403-SG.zip md5sum: 9790c9512aef18beaf0d1c7d405bed1a http://kb.vmware.com/kb/1008413
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953
- Change log
2009-03-31 VMSA-2009-0004 Initial security advisory after release of patches for ESX 3.0.2 and 3.0.3 on 2009-03-31.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2009 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32)
iD8DBQFJ0tgoS2KysvBH1xkRAiAbAJ4uG0NGavdQLzfxFyXnrxBQLqHl1QCdEf4q LA8+0sLvaS37smj8BQPdm0g= =ZVXY -----END PGP SIGNATURE----- .
This bug allows a malformed signature to be treated as a good signature rather than as an error.
A patch fixing the issue with proper return code checking and further important recommendations are described in the original OpenSSL Team advisory.
At the request of the OpenSSL team, oCERT has aided in the remediation coordination for other projects with similar API misuse vulnerabilities. In addition to EVP_VerifyFinal, the return codes from DSA_verify and DSA_do_verify functions were being incorrectly validated, and packages doing so are affected in a similar fashion as OpenSSL.
NTP <= 4.2.4p5 (production), <= 4.2.5p150 (development)
Sun GridEngine <= 5.3
Gale <= 0.99
OpenEvidence <= 1.0.6
Belgian eID middleware - eidlib <= 2.6.0 [2]
Freedom Network Server <= 2.x
The following packages were identified as affected by a vulnerability similar to the OpenSSL one, as they use OpenSSL DSA_verify function and incorrectly check the return code.
BIND <= 9.4.3
Lasso <= 2.2.1
ZXID <= 0.29
1 - use of OpenSSL as an SSL/TLS client when connecting to a server whose certificate uses an RSA key is NOT affected. Verification of client certificates by OpenSSL servers for any key type is NOT affected.
2 - Belgian eID middleware latest versions are not available in source form, therefore we cannot confirm if they are affected
Fixed version:
OpenSSL >= 0.9.8j
NTP >= 4.2.4p6 (production), >= 4.2.5p153 (development)
Sun GridEngine >= 6.0
Gale N/A
OpenEvidence N/A
Belgian eID middleware - eidlib N/A
Freedom Network Server N/A
BIND >= 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1
Lasso >= 2.2.2
ZXID N/A
Credit: Google Security Team (for the original OpenSSL issue).
CVE: CVE-2008-5077 (OpenSSL), CVE-2009-0021 (NTP), CVE-2009-0025 (BIND)
Timeline: 2008-12-16: OpenSSL Security Team requests coordination aid from oCERT 2008-12-16: oCERT investigates packages affected by similar issues 2008-12-16: contacted affected vendors 2008-12-17: investigation expanded to DSA verification 2008-12-17: BIND, Lasso and ZXID added to affected packages 2008-12-18: contacted additional affected vendors 2009-01-05: status updates and patch dissemination to affected vendors 2009-01-05: confirmation from BIND of issue and fix 2009-01-06: requested CVE assignment for BIND 2009-01-07: advisory published
References: http://openssl.org/news/secadv_20090107.txt
Links: http://openssl.org/ http://www.ntp.org/ http://gridengine.sunsource.net/ http://gale.org/ http://www.openevidence.org/ http://eid.belgium.be/ http://www.google.com/codesearch/p?#1vGzyQX--LU/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/ https://www.isc.org/products/BIND http://lasso.entrouvert.org/ http://www.zxid.org/
Permalink: http://www.ocert.org/advisories/ocert-2008-016.html
-- Will Drewry redpig@ocert.org oCERT Team :: http://ocert.org .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
Updated Packages:
Mandriva Linux 2008.0: 6585e08eab279e6a249630385683bf43 2008.0/i586/libopenssl0.9.8-0.9.8e-8.2mdv2008.0.i586.rpm b5955c2c0a2cc24abd9f5f3ebc7d0148 2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.2mdv2008.0.i586.rpm 7c92323d7aa583b936ef908f3f6ac867 2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.i586.rpm 2b791168311c3ecba4f8b7acd24e64ab 2008.0/i586/openssl-0.9.8e-8.2mdv2008.0.i586.rpm cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 6259ac00622227eee59f888bc516bc3a 2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.2mdv2008.0.x86_64.rpm fe745327c1bbb599e025a5b90bb05817 2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm bdb7113b06aab0c4d77cbf86bcf208c2 2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm d4fda198a80b88c7caaf947af0866df8 2008.0/x86_64/openssl-0.9.8e-8.2mdv2008.0.x86_64.rpm cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm
Mandriva Linux 2008.1: 4a0be98cd3fb82a22e3836c5ae81ed37 2008.1/i586/libopenssl0.9.8-0.9.8g-4.2mdv2008.1.i586.rpm 277058ecc1d26d24bf4da5ea27d4a31f 2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.2mdv2008.1.i586.rpm 29b08a5a233f1987c4ca98aaa4e97ac5 2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.i586.rpm e47be879abc0c089a8f380469a6a62c8 2008.1/i586/openssl-0.9.8g-4.2mdv2008.1.i586.rpm 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 71a69804b928a9f7856f65fee332c5ab 2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.2mdv2008.1.x86_64.rpm e9c5d1d4895a5a679945bde62df6f988 2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm 7f2d66839f93e2083dcd1b1f27ca4ddf 2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm 40408ffdf13faa6c79b28c764bb88b22 2008.1/x86_64/openssl-0.9.8g-4.2mdv2008.1.x86_64.rpm 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm
Mandriva Linux 2009.0: 2512f6a41e9a8e7bcff53e5737029689 2009.0/i586/libopenssl0.9.8-0.9.8h-3.1mdv2009.0.i586.rpm d7774faaed2866da5bb05cbcf07604da 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.1mdv2009.0.i586.rpm ed99160bdf1ce33fa81dc47c71915318 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.i586.rpm 6116fafed014596ee1e6ec43db93133f 2009.0/i586/openssl-0.9.8h-3.1mdv2009.0.i586.rpm 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: d2cc04fc0bdaeea8e4cc5d7ab4e997fd 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.1mdv2009.0.x86_64.rpm b537da3113c75f87c4fa8d66be2d6797 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm ef9add2bec302b324b9c0690cf79b57c 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm 16b8c11f4d6dedf2e4176bfc55607c15 2009.0/x86_64/openssl-0.9.8h-3.1mdv2009.0.x86_64.rpm 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm
Corporate 3.0: 5e8f4b7c1e646d0e16af2d83238a011b corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm 5115d911b9a6842fd0c3495429c7c2f2 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.9.C30mdk.i586.rpm b934b4f9686deef6cb1eba750ab36288 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.i586.rpm 11ec8a4df261d4d4fa9957d33be08604 corporate/3.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm
Corporate 3.0/X86_64: 64521521330df90b42c9c37cafe50b54 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.9.C30mdk.x86_64.rpm 3a85c30c0511e42ec76c80e08efe5192 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.9.C30mdk.x86_64.rpm 12af66f30c5022d8d29b57a9131458c3 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.x86_64.rpm 62f5c54be99ddc9458670ae04b24d3f0 corporate/3.0/x86_64/openssl-0.9.7c-3.9.C30mdk.x86_64.rpm dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm
Corporate 4.0: 60c64d9ead2b01fb39058a705fcb95dc corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.7.20060mlcs4.i586.rpm fb4d5555c211b375707bf7d194e74776 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.i586.rpm c13ff967b4310e5a790e85595f940b7e corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.i586.rpm e9a96a389c00ee674d689e3747c3e501 corporate/4.0/i586/openssl-0.9.7g-2.7.20060mlcs4.i586.rpm 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm
Corporate 4.0/X86_64: de71d0bbc98589afdf03b7a99aad7103 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.7.20060mlcs4.x86_64.rpm 0c330148b55987e50f491c7e4d3b65a5 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm ce64720b2685fada3e88a5725c43b532 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm 29f0f40602184d7f366e1d1d8e5c03e4 corporate/4.0/x86_64/openssl-0.9.7g-2.7.20060mlcs4.x86_64.rpm 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm
Multi Network Firewall 2.0: 74a4beac1c01f9fd888dd5eea356f7be mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm c809a08f26051c7a3931ccda00c94429 mnf/2.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm 8ae9f7004b77dca2317980ba4215dc92 mnf/2.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFJZqIYmqjQ0CJFipgRAqRNAKDNNvWgsIk0/eh5f8539zOJ7dtnnQCeJezP ZE8i9Ju80WcdhXe9yIoPevE= =9n1t -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP SSL v1.3 for OpenVMS Alpha (v 8.2 or higher) and Integrity (v 8.2-1 or higher)
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200901-0714", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.3" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.1c" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.6" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.5" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.3a" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.2b" }, { "model": "openssl", "scope": "eq", "trust": 1.6, "vendor": "openssl", "version": "0.9.4" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6m" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6j" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6f" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6g" }, { "model": "openssl", "scope": "lte", "trust": 1.0, "vendor": "openssl", "version": "0.9.8h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7l" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.5a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6a" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8d" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8e" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7h" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7k" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7g" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7i" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.7c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.8b" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6c" }, { "model": "openssl", "scope": "eq", "trust": 1.0, "vendor": "openssl", "version": "0.9.6b" }, { "model": null, "scope": null, "trust": 0.6, "vendor": "no", "version": null }, { "model": "openssl", "scope": "eq", "trust": 0.6, "vendor": "openssl", "version": "0.9.8h" }, { "model": "bind a1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.5" }, { "model": "bigip application security manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0.1" }, { "model": "opensolaris build snv 95", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.3" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.6" }, { "model": "project openssl 0.9.8f", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "opensolaris build snv 93", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "email and web security appliance", "scope": "eq", "trust": 0.3, "vendor": "mcafee", "version": "5.6" }, { "model": "networks enterprise voip tm-cs1000", "scope": null, "trust": 0.3, "vendor": "nortel", "version": null }, { "model": "networks vpn router contivity", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "-26000" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "pfsense 1.2-rc4", "scope": null, "trust": 0.3, "vendor": "bsdperimeter", "version": null }, { "model": "networks switched firewall series", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "5700" }, { "model": "big-ip local traffic manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0.1" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "linux enterprise sp2 debuginfo", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "7.0" }, { "model": "appliance server hosting edition", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "1.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "mac os server", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "cwrsync", "scope": "eq", "trust": 0.3, "vendor": "cwrsync", "version": "2.0.9" }, { "model": "bind a5", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "opensolaris build snv 99", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bind b3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.6.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.7" }, { "model": "bind b4", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "cwrsync", "scope": "eq", "trust": 0.3, "vendor": "cwrsync", "version": "2.1.3" }, { "model": "project openssl b-36.8", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.3" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.1" }, { "model": "bigip global traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.3.1" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "grid engine", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.3" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "opensolaris build snv 100", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.2" }, { "model": "wanjet", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "networks vpn router", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "2210" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "bind -p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.6" }, { "model": "bigip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "sparc enterprise m3000", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "8" }, { "model": "cwrsync", "scope": "eq", "trust": 0.3, "vendor": "cwrsync", "version": "2.1.4" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.2.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0.2.3" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "9.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.6" }, { "model": "cwrsync", "scope": "eq", "trust": 0.3, "vendor": "cwrsync", "version": "2.1.1" }, { "model": "opensolaris build snv 85", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 19", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "appliance server workgroup edition", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "1.0" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.2.1" }, { "model": "opensolaris build snv 45", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "big-ip local traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "sparc enterprise m9000", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 78", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.5.1" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "bind 9.5.0a7", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "communication manager server definity server si/cs", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0.3" }, { "model": "bigip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.3.1" }, { "model": "bind b1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.4" }, { "model": "opensolaris build snv 89", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 39", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.6" }, { "model": "message networking mn", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "project openssl g", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "wizpy", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.2.1" }, { "model": "bigip global traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.8" }, { "model": "opensolaris build snv 90", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 68", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bind a4", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "grid engine sun linux", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.3" }, { "model": "big-ip local traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.3.1" }, { "model": "bind 9.5.0a6", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "opensolaris build snv 67", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "networks vpn router", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "1050" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "networks ssl vpn module", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "10000" }, { "model": "client", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "2008" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.3.4" }, { "model": "big-ip local traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4" }, { "model": "p6", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "grid engine", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.3x86" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.1" }, { "model": "opensolaris build snv 77", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 61", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4" }, { "model": "circle", "scope": "eq", "trust": 0.3, "vendor": "voodoo", "version": "1.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0.1" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.3" }, { "model": "opensolaris build snv 82", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bind 9.5.0-p2-w1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "7.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "opensolaris build snv 29", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "bind rc2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "siparator", "scope": "ne", "trust": 0.3, "vendor": "ingate", "version": "4.7.1" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "firewalll", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.4" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "10.3" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "ssl for openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.3" }, { "model": "bind a1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "7.0-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "bigip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.8" }, { "model": "bind rc1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "bigip global traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.3" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.6" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.9.1" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.4" }, { "model": "bind 9.4.2-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "circle", "scope": "ne", "trust": 0.3, "vendor": "voodoo", "version": "1.1.34" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.2" }, { "model": "networks switched firewall series", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "5400" }, { "model": "pfsense", "scope": "ne", "trust": 0.3, "vendor": "bsdperimeter", "version": "1.2.2" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "1.2.1" }, { "model": "networks switched firewall series", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "6600" }, { "model": "bind 9.4.2-p2-w2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.6.4" }, { "model": "email and web security appliance patch", "scope": "ne", "trust": 0.3, "vendor": "mcafee", "version": "5.65" }, { "model": "system management homepage", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.0.1.73" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "big-ip local traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.8" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "7.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "networks cs", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "1000" }, { "model": "big-ip webaccelerator", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.8" }, { "model": "opensolaris build snv 105", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "-pre-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux enterprise sdk sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "messaging storage server", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "bigip sam", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "8.0" }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "sparc t3-1b", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.3.3" }, { "model": "project openssl j", "scope": "ne", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.3" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.2" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.2.3" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4" }, { "model": "sparc enterprise m5000", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "firewall", "scope": "ne", "trust": 0.3, "vendor": "ingate", "version": "4.7.1" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "opensolaris build snv 59", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "8.1" }, { "model": "fuji", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "0" }, { "model": "communication manager server s8300", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.6.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.8" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1.2" }, { "model": "radio relay league tqsllib", "scope": "eq", "trust": 0.3, "vendor": "american", "version": "2.0" }, { "model": "bind 9.5.0a3", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "sparc t3-2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.0.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "project openssl 0.9.8g", "scope": null, "trust": 0.3, "vendor": "openssl", "version": null }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.1.3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.6" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 96", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "appliance platform linux service", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "netra sparc t3-1b", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "networks self-service mps", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "5000" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1.1" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "bind 9.5.0b2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "communication manager server s8700", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "gale", "scope": "eq", "trust": 0.3, "vendor": "gale", "version": "0.99" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "opensolaris build snv 36", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.6" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.3" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "-release-p1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.8" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.3.4" }, { "model": "opensolaris build snv 94", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "bind a2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "novell linux desktop", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.3" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "5.5" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.1" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.8" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3.1" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.4" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.3" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.6" }, { "model": "-release-p6", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "bind 9.4.3-p1", "scope": "ne", "trust": 0.3, "vendor": "isc", "version": null }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.1" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "wanjet", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "5.0.2" }, { "model": "opensolaris build snv 50", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2.8" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "networks vpn router", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "2700" }, { "model": "networks vpn router", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "1740" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "networks vpn router", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "1010" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "project openssl h", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "communication manager server s8500", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0.0x64" }, { "model": "bind a3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "bind 9.5.1b1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "project openssl i", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "opensolaris build snv 01", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bind rc2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "opensolaris build snv 92", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.5" }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.8" }, { "model": "opensolaris build snv 83", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.5.2" }, { "model": "opensolaris build snv 106", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "networks vpn router contivity", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "-45000" }, { "model": "networks switched firewall series", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "5300" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.2.2" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.1" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "project openssl beta2", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "6.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "11x64" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "networks vpn router contivity", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "-46000" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "9.0" }, { "model": "bind 9.5.0-p2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "bind 9.6.0-p1", "scope": "ne", "trust": 0.3, "vendor": "isc", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0.2" }, { "model": "networks vpn router", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "17500" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0.2" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "pardus", "version": "20080" }, { "model": "personal", "scope": null, "trust": 0.3, "vendor": "turbolinux", "version": null }, { "model": "networks self-service peri application", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "0" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "cwrsync", "scope": "eq", "trust": 0.3, "vendor": "cwrsync", "version": "3.0" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.3.3" }, { "model": "communication manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.1" }, { "model": "opensolaris build snv 76", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl a", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "7.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "opensolaris build snv 101a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "communication manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0.3" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "opensolaris build snv 87", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.8" }, { "model": "project openssl c", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.2" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.6.1" }, { "model": "networks vpn router", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "5000" }, { "model": "wanjet", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2.8" }, { "model": "appliance server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "2.0" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "5.5.2" }, { "model": "bind 9.5.0b1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "7.10" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.5.2" }, { "model": "bind p1", "scope": "ne", "trust": 0.3, "vendor": "isc", "version": "9.3.6" }, { "model": "big-ip psm", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.5" }, { "model": "bind 9.5.0a5", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "networks vpn router", "scope": null, "trust": 0.3, "vendor": "nortel", "version": null }, { "model": "opensolaris build snv 57", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.4" }, { "model": "project openssl l", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.5" }, { "model": "linux enterprise desktop sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "appliance platform linux service", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.0" }, { "model": "meeting exchange enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.1" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.1" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.3.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.10" }, { "model": "eid middleware", "scope": "eq", "trust": 0.3, "vendor": "belgium", "version": "2.6" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.1" }, { "model": "sparc enterprise m8000", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl d", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.4.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "bind rc3", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.5" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "enterprise linux as ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "networks vpn", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "30500" }, { "model": "bigip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.3" }, { "model": "sparc t3-4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "wanjet", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "5.0" }, { "model": "grid engine 32-bit sparc", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.3" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.6" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.3.1" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "cwrsync", "scope": "ne", "trust": 0.3, "vendor": "cwrsync", "version": "3.0.1" }, { "model": "networks vpn router", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "2510" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.3" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.3.2" }, { "model": "bind 9.4.2-p2-w1", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "big-ip local traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.3" }, { "model": "openbsd", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.4" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5.5" }, { "model": "bind -p1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4.1" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "networks self-service mps", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "10000" }, { "model": "project openssl f", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.8" }, { "model": "bigip global traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "networks vpn", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "30700" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.4" }, { "model": "opensolaris build snv 102", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "project openssl", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "opensolaris build snv 02", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.2.2" }, { "model": "enterprise manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.4.1" }, { "model": "linux enterprise teradata sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "pfsense 1.2-rc3", "scope": null, "trust": 0.3, "vendor": "bsdperimeter", "version": null }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.3.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "bind b1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.2" }, { "model": "enterprise linux es ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "opensolaris build snv 80", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.11" }, { "model": "firepass", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "6.0.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "communication manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "p5", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "big-ip local traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.6.1" }, { "model": "opensolaris build snv 104", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "communication manager server s8100", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "big-ip wan optimization module", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0.1" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "netra sparc t3-1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2" }, { "model": "p153", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensolaris build snv 107", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.0" }, { "model": "wanjet", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "4.2.16" }, { "model": "sparc t3-1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.3" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.0" }, { "model": "bind b2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "cwrsync", "scope": "eq", "trust": 0.3, "vendor": "cwrsync", "version": "2.1" }, { "model": "beta4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "11" }, { "model": "project openssl beta3", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "bigip global traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.5" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "opensolaris build snv 84", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "enterprise linux ws ia64", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "2.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "11.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.9" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "messaging storage server mm3.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "grid engine 64-bit sparc", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "5.3" }, { "model": "p150", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.5" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.3.1" }, { "model": "networks vpn router", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "1700" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.0" }, { "model": "bind rc1", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.1" }, { "model": "grid engine", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": "6.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.7" }, { "model": "project openssl e", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.8" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "pfsense 1.2-rc1", "scope": null, "trust": 0.3, "vendor": "bsdperimeter", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "big-ip wan optimization module", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.0" }, { "model": "bind p1", "scope": "ne", "trust": 0.3, "vendor": "isc", "version": "9.5.1" }, { "model": "bind a2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.5" }, { "model": "bind a6", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.4" }, { "model": "opensolaris build snv 22", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "bind 9.5.0a4", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "opensolaris build snv 81", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.4.1" }, { "model": "message networking", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "bigip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4" }, { "model": "opensolaris build snv 103", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "big-ip local traffic manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.6" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.2" }, { "model": "pfsense", "scope": "eq", "trust": 0.3, "vendor": "bsdperimeter", "version": "1.2" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "8.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "cwrsync", "scope": "eq", "trust": 0.3, "vendor": "cwrsync", "version": "2.1.2" }, { "model": "communication manager server definity server r10", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "pfsense 1.2-rc2", "scope": null, "trust": 0.3, "vendor": "bsdperimeter", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "sparc enterprise m4000", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cwrsync", "scope": "eq", "trust": 0.3, "vendor": "cwrsync", "version": "2.0.10" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.3.1" }, { "model": "bind 9.5.0-p2-w2", "scope": null, "trust": 0.3, "vendor": "isc", "version": null }, { "model": "project openssl k", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.7" }, { "model": "opensolaris build snv 13", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.2.1" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.3.2" }, { "model": "server", "scope": "eq", "trust": 0.3, "vendor": "turbolinux", "version": "10.0" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "openbsd", "scope": "eq", "trust": 0.3, "vendor": "openbsd", "version": "4.3" }, { "model": "opensolaris build snv 91", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.9" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "bigip global traffic manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "10.0.1" }, { "model": "opensolaris build snv 47", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "bind -p2", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.2.6" }, { "model": "opensolaris build snv 64", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "4.5.1" }, { "model": "project openssl beta1", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.7" }, { "model": "opensolaris build snv 101", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "communication manager server definity server r9", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.3.1" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.3" }, { "model": "siparator", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.2" }, { "model": "enterprise manager", "scope": "ne", "trust": 0.3, "vendor": "f5", "version": "2.0" }, { "model": "cwrsync", "scope": "eq", "trust": 0.3, "vendor": "cwrsync", "version": "2.1.5" }, { "model": "system management homepage", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1.4" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "bind", "scope": "eq", "trust": 0.3, "vendor": "isc", "version": "9.1.3" }, { "model": "networks vpn router", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "1100" }, { "model": "linux enterprise desktop sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "firewall", "scope": "eq", "trust": 0.3, "vendor": "ingate", "version": "3.2.1" }, { "model": "project openssl m", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "big-ip link controller", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4" }, { "model": "communication manager server definity server r11", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "project openssl b", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.4.2" }, { "model": "project openssl j", "scope": "eq", "trust": 0.3, "vendor": "openssl", "version": "0.9.6" }, { "model": "networks switched firewall series", "scope": "eq", "trust": 0.3, "vendor": "nortel", "version": "6400" }, { "model": "multimedia", "scope": null, "trust": 0.3, "vendor": "turbolinux", "version": null }, { "model": "opensolaris build snv 86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "BID", "id": "33150" }, { "db": "CNNVD", "id": "CNNVD-200901-055" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.9.8h", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:beta2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2008-5077" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Google Security Team", "sources": [ { "db": "BID", "id": "33150" }, { "db": "CNNVD", "id": "CNNVD-200901-055" } ], "trust": 0.9 }, "cve": "CVE-2008-5077", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2008-5077", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200901-055", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CNNVD", "id": "CNNVD-200901-055" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. F5\u0027s FirePass server is a powerful network device that can provide users with secure access to the company\u0027s network through any standard web browser. F5 FirePass products have unidentified security vulnerabilities, allowing malicious users to conduct fraud and forgery attacks. OpenSSL is prone to a signature-verification vulnerability. \nAn attacker would likely leverage this issue to conduct phishing attacks or impersonate legitimate sites. Other attacks are also possible. \nReleases prior to OpenSSL 0.9.8j are affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=============================================================================\nFreeBSD-SA-09:02.openssl Security Advisory\n The FreeBSD Project\n\nTopic: OpenSSL incorrectly checks for malformed signatures\n\nCategory: contrib\nModule: openssl\nAnnounced: 2009-01-07\nCredits: Google Security Team\nAffects: All FreeBSD releases\nCorrected: 2009-01-07 21:03:41 UTC (RELENG_7, 7.1-STABLE)\n 2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1)\n 2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8)\n 2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE)\n 2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2)\n 2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8)\nCVE Name: CVE-2008-5077\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. Background\n\nFreeBSD includes software from the OpenSSL Project. The OpenSSL Project is\na collaborative effort to develop a robust, commercial-grade, full-featured\nOpen Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)\nand Transport Layer Security (TLS v1) protocols as well as a full-strength\ngeneral purpose cryptography library. \n\nII. Problem Description\n\nThe EVP_VerifyFinal() function from OpenSSL is used to determine if a\ndigital signature is valid. This\nis only a problem for DSA and ECDSA keys. \n\nIII. Impact\n\nFor applications using OpenSSL for SSL connections, an invalid SSL\ncertificate may be interpreted as valid. This could for example be\nused by an attacker to perform a man-in-the-middle attack. \n\nOther applications which use the OpenSSL EVP API may similarly be\naffected. \n\nIV. Workaround\n\nFor a server an RSA signed certificate may be used instead of DSA or\nECDSA based certificate. \n\nNote that Mozilla Firefox does not use OpenSSL and thus is not\naffected. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the\nRELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch\ndated after the correction date. \n\n2) To patch your present system:\n\nThe following patches have been verified to apply to FreeBSD 6.3, 6.4,\n7.0, and 7.1 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n[FreeBSD 7.x]\n# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch\n# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc\n\n[FreeBSD 6.x]\n# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch\n# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/secure/lib/libssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n# cd /usr/src/secure/usr.bin/openssl\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n\nNOTE: On the amd64 platform, the above procedure will not update the\nlib32 (i386 compatibility) libraries. On amd64 systems where the i386\ncompatibility libraries are used, the operating system should instead\nbe recompiled as described in\n\u003cURL:http://www.FreeBSD.org/handbook/makeworld.html\u003e\n\nVI. Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nCVS:\n\nBranch Revision\n Path\n- -------------------------------------------------------------------------\nRELENG_6\n src/crypto/openssl/apps/speed.c 1.13.2.1\n src/crypto/openssl/apps/verify.c 1.1.1.5.12.1\n src/crypto/openssl/apps/x509.c 1.1.1.10.2.1\n src/crypto/openssl/apps/spkac.c 1.1.1.4.12.1\n src/crypto/openssl/ssl/s2_srvr.c 1.12.2.1\n src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.2.1\n src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.2\n src/crypto/openssl/ssl/s2_clnt.c 1.13.2.2\nRELENG_6_4\n src/UPDATING 1.416.2.40.2.5\n src/sys/conf/newvers.sh 1.69.2.18.2.8\n src/crypto/openssl/apps/speed.c 1.13.12.1\n src/crypto/openssl/apps/verify.c 1.1.1.5.24.1\n src/crypto/openssl/apps/x509.c 1.1.1.10.12.1\n src/crypto/openssl/apps/spkac.c 1.1.1.4.24.1\n src/crypto/openssl/ssl/s2_srvr.c 1.12.12.1\n src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.12.1\n src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.1\n src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.6.1\nRELENG_6_3\n src/UPDATING 1.416.2.37.2.13\n src/sys/conf/newvers.sh 1.69.2.15.2.12\n src/crypto/openssl/apps/speed.c 1.13.10.1\n src/crypto/openssl/apps/verify.c 1.1.1.5.22.1\n src/crypto/openssl/apps/x509.c 1.1.1.10.10.1\n src/crypto/openssl/apps/spkac.c 1.1.1.4.22.1\n src/crypto/openssl/ssl/s2_srvr.c 1.12.10.1\n src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.10.1\n src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.1\n src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.4.1\nRELENG_7\n src/crypto/openssl/apps/speed.c 1.15.2.1\n src/crypto/openssl/apps/verify.c 1.1.1.6.2.1\n src/crypto/openssl/apps/x509.c 1.1.1.11.2.1\n src/crypto/openssl/apps/spkac.c 1.1.1.5.2.1\n src/crypto/openssl/ssl/s2_srvr.c 1.13.2.1\n src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1\n src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1\n src/crypto/openssl/ssl/ssltest.c 1.1.1.10.2.1\n src/crypto/openssl/ssl/s2_clnt.c 1.15.2.1\nRELENG_7_1\n src/UPDATING 1.507.2.13.2.4\n src/sys/conf/newvers.sh 1.72.2.9.2.5\n src/crypto/openssl/apps/speed.c 1.15.6.1\n src/crypto/openssl/apps/verify.c 1.1.1.6.6.1\n src/crypto/openssl/apps/x509.c 1.1.1.11.6.1\n src/crypto/openssl/apps/spkac.c 1.1.1.5.6.1\n src/crypto/openssl/ssl/s2_srvr.c 1.13.6.1\n src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.1\n src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.1\n src/crypto/openssl/ssl/ssltest.c 1.1.1.10.6.1\n src/crypto/openssl/ssl/s2_clnt.c 1.15.6.1\nRELENG_7_0\n src/UPDATING 1.507.2.3.2.12\n src/sys/conf/newvers.sh 1.72.2.5.2.12\n src/crypto/openssl/apps/speed.c 1.15.4.1\n src/crypto/openssl/apps/verify.c 1.1.1.6.4.1\n src/crypto/openssl/apps/x509.c 1.1.1.11.4.1\n src/crypto/openssl/apps/spkac.c 1.1.1.5.4.1\n src/crypto/openssl/ssl/s2_srvr.c 1.13.4.1\n src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.4.1\n src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.4.1\n src/crypto/openssl/ssl/ssltest.c 1.1.1.10.4.1\n src/crypto/openssl/ssl/s2_clnt.c 1.15.4.1\n- -------------------------------------------------------------------------\n\nSubversion:\n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/6/ r186873\nreleng/6.4/ r186872\nreleng/6.3/ r186872\nstable/7/ r186872\nreleng/7.1/ r186872\nreleng/7.0/ r186872\n- -------------------------------------------------------------------------\n\nVII. \n\nRelease Date: 2009-05-14\nLast Updated: 2009-05-14\n\nPotential Security Impact: Remote cross site scripting (XSS), unauthorized access \n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows running PHP and OpenSSL. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and unauthorized access. \n\nReferences: CVE-2008-5077, CVE-2008-5814\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP System Management Homepage (SMH) before v3.0.1.73 running on Linux and Windows 2003, 2008. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2008-5077 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0\nCVE-2008-5814 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided System Management Homepage (SMH) v3.0.1.73 or subsequent to resolve these vulnerabilities. \nSMH vv3.0.1.73 is available from the following web sites:\n\nHP System Management Homepage for Linux (x86) v3.0.1.73) can be downloaded from \nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-b35b8e125d17427fa8a74e9ef6 \n \nHP System Management Homepage for Linux (AMD64/EM64T) v3.0.1.73 can be downloaded from \nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-d7bcce2dc82d43daaec308eb40 \n \nHP System Management Homepage for Windows v3.0.1.73 can be downloaded from \nhttp://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-8300d57bb5424791b0e61652e8 \n \n\nPRODUCT SPECIFIC INFORMATION \nNone \n\nHISTORY \nVersion:1 (rev.1) - 14 May 2009 Initial Release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0004\nSynopsis: ESX Service Console updates for openssl, bind, and\n vim\nIssue date: 2009-03-31\nUpdated on: 2009-03-31 (initial release of advisory)\nCVE numbers: CVE-2008-5077 CVE-2009-0025 CVE-2008-4101\n CVE-2008-3432 CVE-2008-2712 CVE-2007-2953\n- ------------------------------------------------------------------------\n\n1. Summary\n\n ESX patches for OpenSSL, vim and bind resolve several security\n issues. \n\n2. Relevant releases\n\n VMware ESX 3.0.3 without patches ESX303-200903406-SG,\n ESX303-200903405-SG,\n ESX303-200903403-SG\n\n VMware ESX 3.0.2 without patches ESX-1008409, ESX-1008408,\n ESX-1008406\n\n Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. \n Users should plan to upgrade to ESX 3.0.3 and preferably to\n the newest release available. \n\n3. Problem Description\n\n a. Updated OpenSSL package for the Service Console fixes a\n security issue. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-5077 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX ESX303-200903406-SG\n ESX 3.0.2 ESX ESX-1008409\n ESX 2.5.5 ESX affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n b. Update bind package for the Service Console fixes a security issue. \n\n A flaw was discovered in the way Berkeley Internet Name Domain\n (BIND) checked the return value of the OpenSSL DSA_do_verify\n function. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0025 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX ESX303-200903405-SG\n ESX 3.0.2 ESX ESX-1008408\n ESX 2.5.5 ESX affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n c. Updated vim package for the Service Console addresses several\n security issues. \n\n Several input flaws were found in Visual editor IMproved\u0027s (Vim)\n keyword and tag handling. If Vim looked up a document\u0027s maliciously\n crafted tag or keyword, it was possible to execute arbitrary code as\n the user running Vim. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-4101 to this issue. \n\n A heap-based overflow flaw was discovered in Vim\u0027s expansion of file\n name patterns with shell wildcards. An attacker could create a\n specially crafted file or directory name, when opened by Vim causes\n the application to stop responding or execute arbitrary code. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-3432 to this issue. \n\n Several input flaws were found in various Vim system functions. If a\n user opened a specially crafted file, it was possible to execute\n arbitrary code as the user running Vim. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2008-2712 to this issue. \n\n A format string flaw was discovered in Vim\u0027s help tag processor. If\n a user was tricked into executing the \"helptags\" command on\n malicious data, arbitrary code could be executed with the\n permissions of the user running VIM. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2007-2953 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 3.5 ESXi not affected\n\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX ESX303-200903403-SG\n ESX 3.0.2 ESX ESX-1008406\n ESX 2.5.5 ESX affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n ESX\n ---\n ESX 3.0.2 ESX-1008409 (openssl)\n http://download3.vmware.com/software/vi/ESX-1008409.tgz\n md5sum: cb25fd47bc0713b968d8778c033bc846\n http://kb.vmware.com/kb/1008409\n\n ESX 3.0.2 ESX-1008408 (bind)\n http://download3.vmware.com/software/vi/ESX-1008408.tgz\n md5sum: b6bd9193892a9c89b9b7a1e0456d2a9a\n http://kb.vmware.com/kb/1008408\n\n ESX 3.0.2 ESX-1008406 (vim)\n http://download3.vmware.com/software/vi/ESX-1008406.tgz\n md5sum: f069daa58190b39e431cedbd26ce25ef\n http://kb.vmware.com/kb/1008406\n\n ESX 3.0.3 ESX303-200903406-SG (openssl)\n http://download3.vmware.com/software/vi/ESX303-200903406-SG.zip\n md5sum: 45a2d32f9267deb5e743366c38652c92\n http://kb.vmware.com/kb/1008416\n\n ESX 3.0.3 ESX303-200903405-SG (bind)\n http://download3.vmware.com/software/vi/ESX303-200903405-SG.zip\n md5sum: 34d00fd9cca7f3e08c0857b4cc254710\n http://kb.vmware.com/kb/1008415\n\n ESX 3.0.3 ESX303-200903403-SG (vim)\n http://download3.vmware.com/software/vi/ESX303-200903403-SG.zip\n md5sum: 9790c9512aef18beaf0d1c7d405bed1a\n http://kb.vmware.com/kb/1008413\n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-03-31 VMSA-2009-0004\nInitial security advisory after release of patches for ESX 3.0.2 and\n3.0.3 on 2009-03-31. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2009 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (MingW32)\n\niD8DBQFJ0tgoS2KysvBH1xkRAiAbAJ4uG0NGavdQLzfxFyXnrxBQLqHl1QCdEf4q\nLA8+0sLvaS37smj8BQPdm0g=\n=ZVXY\n-----END PGP SIGNATURE-----\n. \n\nThis bug allows a malformed signature to be treated as a good signature\nrather than as an error. \n\nA patch fixing the issue with proper return code checking and further\nimportant recommendations are described in the original OpenSSL Team\nadvisory. \n\nAt the request of the OpenSSL team, oCERT has aided in the remediation\ncoordination for other projects with similar API misuse vulnerabilities. \nIn addition to EVP_VerifyFinal, the return codes from DSA_verify and\nDSA_do_verify functions were being incorrectly validated, and packages\ndoing so are affected in a similar fashion as OpenSSL. \n\nNTP \u003c= 4.2.4p5 (production), \u003c= 4.2.5p150 (development)\n\nSun GridEngine \u003c= 5.3\n\nGale \u003c= 0.99\n\nOpenEvidence \u003c= 1.0.6\n\nBelgian eID middleware - eidlib \u003c= 2.6.0 [2]\n\nFreedom Network Server \u003c= 2.x\n\nThe following packages were identified as affected by a vulnerability\nsimilar to the OpenSSL one, as they use OpenSSL DSA_verify function and\nincorrectly check the return code. \n\nBIND \u003c= 9.4.3\n\nLasso \u003c= 2.2.1\n\nZXID \u003c= 0.29\n\n1 - use of OpenSSL as an SSL/TLS client when connecting to a server whose\ncertificate uses an RSA key is NOT affected. Verification of client\ncertificates by OpenSSL servers for any key type is NOT affected. \n\n2 - Belgian eID middleware latest versions are not available in source\nform, therefore we cannot confirm if they are affected\n\n\nFixed version:\n\nOpenSSL \u003e= 0.9.8j\n\nNTP \u003e= 4.2.4p6 (production), \u003e= 4.2.5p153 (development)\n\nSun GridEngine \u003e= 6.0\n\nGale N/A\n\nOpenEvidence N/A\n\nBelgian eID middleware - eidlib N/A\n\nFreedom Network Server N/A\n\nBIND \u003e= 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1\n\nLasso \u003e= 2.2.2\n\nZXID N/A\n\n\nCredit: Google Security Team (for the original OpenSSL issue). \n\n\nCVE: CVE-2008-5077 (OpenSSL),\n CVE-2009-0021 (NTP),\n CVE-2009-0025 (BIND)\n\n\nTimeline:\n2008-12-16: OpenSSL Security Team requests coordination aid from oCERT\n2008-12-16: oCERT investigates packages affected by similar issues\n2008-12-16: contacted affected vendors\n2008-12-17: investigation expanded to DSA verification\n2008-12-17: BIND, Lasso and ZXID added to affected packages\n2008-12-18: contacted additional affected vendors\n2009-01-05: status updates and patch dissemination to affected vendors\n2009-01-05: confirmation from BIND of issue and fix\n2009-01-06: requested CVE assignment for BIND\n2009-01-07: advisory published\n\n\nReferences:\nhttp://openssl.org/news/secadv_20090107.txt\n\n\nLinks:\nhttp://openssl.org/\nhttp://www.ntp.org/\nhttp://gridengine.sunsource.net/\nhttp://gale.org/\nhttp://www.openevidence.org/\nhttp://eid.belgium.be/\nhttp://www.google.com/codesearch/p?#1vGzyQX--LU/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/\nhttps://www.isc.org/products/BIND\nhttp://lasso.entrouvert.org/\nhttp://www.zxid.org/\n\n\nPermalink:\nhttp://www.ocert.org/advisories/ocert-2008-016.html\n\n\n--\nWill Drewry \u003credpig@ocert.org\u003e\noCERT Team :: http://ocert.org\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 6585e08eab279e6a249630385683bf43 2008.0/i586/libopenssl0.9.8-0.9.8e-8.2mdv2008.0.i586.rpm\n b5955c2c0a2cc24abd9f5f3ebc7d0148 2008.0/i586/libopenssl0.9.8-devel-0.9.8e-8.2mdv2008.0.i586.rpm\n 7c92323d7aa583b936ef908f3f6ac867 2008.0/i586/libopenssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.i586.rpm\n 2b791168311c3ecba4f8b7acd24e64ab 2008.0/i586/openssl-0.9.8e-8.2mdv2008.0.i586.rpm \n cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 6259ac00622227eee59f888bc516bc3a 2008.0/x86_64/lib64openssl0.9.8-0.9.8e-8.2mdv2008.0.x86_64.rpm\n fe745327c1bbb599e025a5b90bb05817 2008.0/x86_64/lib64openssl0.9.8-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm\n bdb7113b06aab0c4d77cbf86bcf208c2 2008.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8e-8.2mdv2008.0.x86_64.rpm\n d4fda198a80b88c7caaf947af0866df8 2008.0/x86_64/openssl-0.9.8e-8.2mdv2008.0.x86_64.rpm \n cf51c48e4c05ac5357f6076fbaeff0a5 2008.0/SRPMS/openssl-0.9.8e-8.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 4a0be98cd3fb82a22e3836c5ae81ed37 2008.1/i586/libopenssl0.9.8-0.9.8g-4.2mdv2008.1.i586.rpm\n 277058ecc1d26d24bf4da5ea27d4a31f 2008.1/i586/libopenssl0.9.8-devel-0.9.8g-4.2mdv2008.1.i586.rpm\n 29b08a5a233f1987c4ca98aaa4e97ac5 2008.1/i586/libopenssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.i586.rpm\n e47be879abc0c089a8f380469a6a62c8 2008.1/i586/openssl-0.9.8g-4.2mdv2008.1.i586.rpm \n 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 71a69804b928a9f7856f65fee332c5ab 2008.1/x86_64/lib64openssl0.9.8-0.9.8g-4.2mdv2008.1.x86_64.rpm\n e9c5d1d4895a5a679945bde62df6f988 2008.1/x86_64/lib64openssl0.9.8-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm\n 7f2d66839f93e2083dcd1b1f27ca4ddf 2008.1/x86_64/lib64openssl0.9.8-static-devel-0.9.8g-4.2mdv2008.1.x86_64.rpm\n 40408ffdf13faa6c79b28c764bb88b22 2008.1/x86_64/openssl-0.9.8g-4.2mdv2008.1.x86_64.rpm \n 7395d0e10c1938be16261baba05da55c 2008.1/SRPMS/openssl-0.9.8g-4.2mdv2008.1.src.rpm\n\n Mandriva Linux 2009.0:\n 2512f6a41e9a8e7bcff53e5737029689 2009.0/i586/libopenssl0.9.8-0.9.8h-3.1mdv2009.0.i586.rpm\n d7774faaed2866da5bb05cbcf07604da 2009.0/i586/libopenssl0.9.8-devel-0.9.8h-3.1mdv2009.0.i586.rpm\n ed99160bdf1ce33fa81dc47c71915318 2009.0/i586/libopenssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.i586.rpm\n 6116fafed014596ee1e6ec43db93133f 2009.0/i586/openssl-0.9.8h-3.1mdv2009.0.i586.rpm \n 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n d2cc04fc0bdaeea8e4cc5d7ab4e997fd 2009.0/x86_64/lib64openssl0.9.8-0.9.8h-3.1mdv2009.0.x86_64.rpm\n b537da3113c75f87c4fa8d66be2d6797 2009.0/x86_64/lib64openssl0.9.8-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm\n ef9add2bec302b324b9c0690cf79b57c 2009.0/x86_64/lib64openssl0.9.8-static-devel-0.9.8h-3.1mdv2009.0.x86_64.rpm\n 16b8c11f4d6dedf2e4176bfc55607c15 2009.0/x86_64/openssl-0.9.8h-3.1mdv2009.0.x86_64.rpm \n 8ad6b0d8aff3bb992d716668450aef3a 2009.0/SRPMS/openssl-0.9.8h-3.1mdv2009.0.src.rpm\n\n Corporate 3.0:\n 5e8f4b7c1e646d0e16af2d83238a011b corporate/3.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm\n 5115d911b9a6842fd0c3495429c7c2f2 corporate/3.0/i586/libopenssl0.9.7-devel-0.9.7c-3.9.C30mdk.i586.rpm\n b934b4f9686deef6cb1eba750ab36288 corporate/3.0/i586/libopenssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.i586.rpm\n 11ec8a4df261d4d4fa9957d33be08604 corporate/3.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm \n dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 64521521330df90b42c9c37cafe50b54 corporate/3.0/x86_64/lib64openssl0.9.7-0.9.7c-3.9.C30mdk.x86_64.rpm\n 3a85c30c0511e42ec76c80e08efe5192 corporate/3.0/x86_64/lib64openssl0.9.7-devel-0.9.7c-3.9.C30mdk.x86_64.rpm\n 12af66f30c5022d8d29b57a9131458c3 corporate/3.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7c-3.9.C30mdk.x86_64.rpm\n 62f5c54be99ddc9458670ae04b24d3f0 corporate/3.0/x86_64/openssl-0.9.7c-3.9.C30mdk.x86_64.rpm \n dcd1a4feb1a04302c54465dce7c7c506 corporate/3.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm\n\n Corporate 4.0:\n 60c64d9ead2b01fb39058a705fcb95dc corporate/4.0/i586/libopenssl0.9.7-0.9.7g-2.7.20060mlcs4.i586.rpm\n fb4d5555c211b375707bf7d194e74776 corporate/4.0/i586/libopenssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.i586.rpm\n c13ff967b4310e5a790e85595f940b7e corporate/4.0/i586/libopenssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.i586.rpm\n e9a96a389c00ee674d689e3747c3e501 corporate/4.0/i586/openssl-0.9.7g-2.7.20060mlcs4.i586.rpm \n 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n de71d0bbc98589afdf03b7a99aad7103 corporate/4.0/x86_64/lib64openssl0.9.7-0.9.7g-2.7.20060mlcs4.x86_64.rpm\n 0c330148b55987e50f491c7e4d3b65a5 corporate/4.0/x86_64/lib64openssl0.9.7-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm\n ce64720b2685fada3e88a5725c43b532 corporate/4.0/x86_64/lib64openssl0.9.7-static-devel-0.9.7g-2.7.20060mlcs4.x86_64.rpm\n 29f0f40602184d7f366e1d1d8e5c03e4 corporate/4.0/x86_64/openssl-0.9.7g-2.7.20060mlcs4.x86_64.rpm \n 4df38ebd98b467bdee0d4a24d3b0158f corporate/4.0/SRPMS/openssl-0.9.7g-2.7.20060mlcs4.src.rpm\n\n Multi Network Firewall 2.0:\n 74a4beac1c01f9fd888dd5eea356f7be mnf/2.0/i586/libopenssl0.9.7-0.9.7c-3.9.C30mdk.i586.rpm\n c809a08f26051c7a3931ccda00c94429 mnf/2.0/i586/openssl-0.9.7c-3.9.C30mdk.i586.rpm \n 8ae9f7004b77dca2317980ba4215dc92 mnf/2.0/SRPMS/openssl-0.9.7c-3.9.C30mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFJZqIYmqjQ0CJFipgRAqRNAKDNNvWgsIk0/eh5f8539zOJ7dtnnQCeJezP\nZE8i9Ju80WcdhXe9yIoPevE=\n=9n1t\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nHP SSL v1.3 for OpenVMS Alpha (v 8.2 or higher) and Integrity (v 8.2-1 or higher)", "sources": [ { "db": "NVD", "id": "CVE-2008-5077" }, { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "BID", "id": "33150" }, { "db": "PACKETSTORM", "id": "73670" }, { "db": "PACKETSTORM", "id": "77647" }, { "db": "PACKETSTORM", "id": "76261" }, { "db": "PACKETSTORM", "id": "73658" }, { "db": "PACKETSTORM", "id": "73698" }, { "db": "PACKETSTORM", "id": "90746" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-5077", "trust": 3.1 }, { "db": "OCERT", "id": "OCERT-2008-016", "trust": 1.4 }, { "db": "BID", "id": "33150", "trust": 1.3 }, { "db": "SECUNIA", "id": "35108", "trust": 1.0 }, { "db": "SECUNIA", "id": "39005", "trust": 1.0 }, { "db": "SECUNIA", "id": "33338", "trust": 1.0 }, { "db": "SECUNIA", "id": "33557", "trust": 1.0 }, { "db": "SECUNIA", "id": "33673", "trust": 1.0 }, { "db": "SECUNIA", "id": "33394", "trust": 1.0 }, { "db": "SECUNIA", "id": "33436", "trust": 1.0 }, { "db": "SECUNIA", "id": "34211", "trust": 1.0 }, { "db": "SECUNIA", "id": "35074", "trust": 1.0 }, { "db": "SECUNIA", "id": "33765", "trust": 1.0 }, { "db": "USCERT", "id": "TA09-133A", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-0289", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-0362", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-0913", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-1297", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-0558", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-0904", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-0040", "trust": 1.0 }, { "db": "VUPEN", "id": "ADV-2009-1338", "trust": 1.0 }, { "db": "SECTRACK", "id": "1021523", "trust": 1.0 }, { "db": "CNVD", "id": "CNVD-2010-0376", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0696", "trust": 0.6 }, { "db": "LENOVO", "id": "LEN-24443", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200901-055", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "73670", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "77647", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "76261", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "73658", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "73698", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "90746", "trust": 0.1 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "BID", "id": "33150" }, { "db": "PACKETSTORM", "id": "73670" }, { "db": "PACKETSTORM", "id": "77647" }, { "db": "PACKETSTORM", "id": "76261" }, { "db": "PACKETSTORM", "id": "73658" }, { "db": "PACKETSTORM", "id": "73698" }, { "db": "PACKETSTORM", "id": "90746" }, { "db": "CNNVD", "id": "CNNVD-200901-055" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "id": "VAR-200901-0714", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" } ], "trust": 0.06 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" } ] }, "last_update_date": "2024-07-23T20:15:05.042000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "F5 FirePass OpenSSL \\\"EVP_VerifyFinal()\\\" Spoofing Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/230" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2008-5077" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.4, "url": "http://www.ocert.org/advisories/ocert-2008-016.html" }, { "trust": 1.3, "url": "http://support.nortel.com/go/main.jsp?cscat=bltndetail\u0026id=837653" }, { "trust": 1.3, "url": "http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html" }, { "trust": 1.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2009-038.htm" }, { "trust": 1.3, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1" }, { "trust": 1.1, "url": "http://www.openssl.org/news/secadv_20090107.txt" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2009/may/msg00002.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=123859864430555\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=124277349419254\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=127678688104458\u0026w=2" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33338" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33394" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33436" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33557" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33673" }, { "trust": 1.0, "url": "http://secunia.com/advisories/33765" }, { "trust": 1.0, "url": "http://secunia.com/advisories/34211" }, { "trust": 1.0, "url": "http://secunia.com/advisories/35074" }, { "trust": 1.0, "url": "http://secunia.com/advisories/35108" }, { "trust": 1.0, "url": "http://secunia.com/advisories/39005" }, { "trust": 1.0, "url": "http://security.gentoo.org/glsa/glsa-200902-02.xml" }, { "trust": 1.0, "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2009\u0026m=slackware-security.544796" }, { "trust": 1.0, "url": "http://support.apple.com/kb/ht3549" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2009-0004.html" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/archive/1/502322/100/0/threaded" }, { "trust": 1.0, "url": "http://www.securityfocus.com/bid/33150" }, { "trust": 1.0, "url": "http://www.securitytracker.com/id?1021523" }, { "trust": 1.0, "url": "http://www.us-cert.gov/cas/techalerts/ta09-133a.html" }, { "trust": 1.0, "url": "http://www.vmware.com/security/advisories/vmsa-2009-0004.html" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0040" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0289" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0362" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0558" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0904" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/0913" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/1297" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2009/1338" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6380" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9155" }, { "trust": 1.0, "url": "https://usn.ubuntu.com/704-1/" }, { "trust": 0.6, "url": "http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5077" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0696" }, { "trust": 0.6, "url": "https://support.lenovo.com/us/en/solutions/len-24443" }, { "trust": 0.3, "url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_615_en.pdf" }, { "trust": 0.3, "url": "http://www.openbsd.org/errata43.html#007_openssl" }, { "trust": 0.3, "url": "http://eid.belgium.be" }, { "trust": 0.3, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=kb76646" }, { "trust": 0.3, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_network_time" }, { "trust": 0.3, "url": "http://blog.pfsense.org/?p=351" }, { "trust": 0.3, "url": "http://sourceforge.net/project/shownotes.php?release_id=654656" }, { "trust": 0.3, "url": "http://www.ingate.com/relnote.php?ver=471" }, { "trust": 0.3, "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479650" }, { "trust": 0.3, "url": "http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_516_en.pdf" }, { "trust": 0.3, "url": "/archive/1/499827" }, { "trust": 0.3, "url": "/archive/1/499855" }, { "trust": 0.3, "url": "http://support.f5.com/kb/en-us/solutions/public/11000/500/sol11503.html?sr=10949137" }, { "trust": 0.3, "url": "http://www.openbsd.org/errata44.html#007_openssl" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2009-057.htm" }, { "trust": 0.3, "url": "http://support.avaya.com/elmodocs2/security/asa-2009-116.htm" }, { "trust": 0.3, "url": "https://www.isc.org/node/373" }, { "trust": 0.3, "url": "https://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c01743291" }, { "trust": 0.3, "url": "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02227287\u0026admit=109447627+1276778491548+28353475" }, { "trust": 0.3, "url": "http://www.mail-archive.com/openssl-users@openssl.org/msg55534.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2009-0046.html" }, { "trust": 0.3, "url": "https://support.f5.com/kb/en-us/solutions/public/9000/700/sol9762.html" }, { "trust": 0.3, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5077" }, { "trust": 0.2, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-09:02.openssl.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-09:02/openssl6.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-09:02/openssl.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://www.freebsd.org/handbook/makeworld.html\u003e" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-09:02/openssl.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-09:02/openssl6.patch.asc" }, { "trust": 0.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-8300d57bb5424791b0e61652e8" }, { "trust": 0.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-b35b8e125d17427fa8a74e9ef6" }, { "trust": 0.1, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-d7bcce2dc82d43daaec308eb40" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5814" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx-1008408.tgz" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0025" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008409" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008413" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2712" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-2712" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4101" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008415" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-3432" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008416" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx303-200903403-sg.zip" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx303-200903406-sg.zip" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx303-200903405-sg.zip" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008408" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx-1008409.tgz" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-4101" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1008406" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3432" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0025" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2953" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-2953" }, { "trust": 0.1, "url": "http://download3.vmware.com/software/vi/esx-1008406.tgz" }, { "trust": 0.1, "url": "http://gridengine.sunsource.net/" }, { "trust": 0.1, "url": "https://www.isc.org/products/bind" }, { "trust": 0.1, "url": "http://www.openevidence.org/" }, { "trust": 0.1, "url": "http://eid.belgium.be/" }, { "trust": 0.1, "url": "http://ocert.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0021" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-0025" }, { "trust": 0.1, "url": "http://gale.org/" }, { "trust": 0.1, "url": "http://www.zxid.org/" }, { "trust": 0.1, "url": "http://openssl.org/news/secadv_20090107.txt" }, { "trust": 0.1, "url": "http://lasso.entrouvert.org/" }, { "trust": 0.1, "url": "http://openssl.org/" }, { "trust": 0.1, "url": "http://www.google.com/codesearch/p?#1vgzyqx--lu/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/" }, { "trust": 0.1, "url": "http://www.ntp.org/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0789" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0591" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3245" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0590" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ssl/ssl.html" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "BID", "id": "33150" }, { "db": "PACKETSTORM", "id": "73670" }, { "db": "PACKETSTORM", "id": "77647" }, { "db": "PACKETSTORM", "id": "76261" }, { "db": "PACKETSTORM", "id": "73658" }, { "db": "PACKETSTORM", "id": "73698" }, { "db": "PACKETSTORM", "id": "90746" }, { "db": "CNNVD", "id": "CNNVD-200901-055" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CNVD", "id": "CNVD-2010-0376" }, { "db": "BID", "id": "33150" }, { "db": "PACKETSTORM", "id": "73670" }, { "db": "PACKETSTORM", "id": "77647" }, { "db": "PACKETSTORM", "id": "76261" }, { "db": "PACKETSTORM", "id": "73658" }, { "db": "PACKETSTORM", "id": "73698" }, { "db": "PACKETSTORM", "id": "90746" }, { "db": "CNNVD", "id": "CNNVD-200901-055" }, { "db": "NVD", "id": "CVE-2008-5077" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-03-17T00:00:00", "db": "CNVD", "id": "CNVD-2010-0376" }, { "date": "2009-01-07T00:00:00", "db": "BID", "id": "33150" }, { "date": "2009-01-07T22:43:21", "db": "PACKETSTORM", "id": "73670" }, { "date": "2009-05-19T23:02:50", "db": "PACKETSTORM", "id": "77647" }, { "date": "2009-04-01T22:24:06", "db": "PACKETSTORM", "id": "76261" }, { "date": "2009-01-07T20:17:20", "db": "PACKETSTORM", "id": "73658" }, { "date": "2009-01-09T20:52:12", "db": "PACKETSTORM", "id": "73698" }, { "date": "2010-06-18T02:05:35", "db": "PACKETSTORM", "id": "90746" }, { "date": "2009-01-07T00:00:00", "db": "CNNVD", "id": "CNNVD-200901-055" }, { "date": "2009-01-07T17:30:00.327000", "db": "NVD", "id": "CVE-2008-5077" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2010-03-17T00:00:00", "db": "CNVD", "id": "CNVD-2010-0376" }, { "date": "2015-04-13T22:13:00", "db": "BID", "id": "33150" }, { "date": "2022-03-10T00:00:00", "db": "CNNVD", "id": "CNNVD-200901-055" }, { "date": "2018-10-11T20:53:40.550000", "db": "NVD", "id": "CVE-2008-5077" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "76261" }, { "db": "CNNVD", "id": "CNNVD-200901-055" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "F5 FirePass OpenSSL has an unknown vulnerability", "sources": [ { "db": "CNVD", "id": "CNVD-2010-0376" } ], "trust": 0.6 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200901-055" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.