ID

VAR-200901-0714


CVE

CVE-2008-5077


TITLE

F5 FirePass OpenSSL has an unknown vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-0376

DESCRIPTION

OpenSSL 0.9.8i and earlier does not properly check the return value from the EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys. F5's FirePass server is a powerful network device that can provide users with secure access to the company's network through any standard web browser. F5 FirePass products have unidentified security vulnerabilities, allowing malicious users to conduct fraud and forgery attacks. OpenSSL is prone to a signature-verification vulnerability. An attacker would likely leverage this issue to conduct phishing attacks or impersonate legitimate sites. Other attacks are also possible. Releases prior to OpenSSL 0.9.8j are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-09:02.openssl Security Advisory The FreeBSD Project Topic: OpenSSL incorrectly checks for malformed signatures Category: contrib Module: openssl Announced: 2009-01-07 Credits: Google Security Team Affects: All FreeBSD releases Corrected: 2009-01-07 21:03:41 UTC (RELENG_7, 7.1-STABLE) 2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1) 2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8) 2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE) 2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2) 2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8) CVE Name: CVE-2008-5077 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:http://security.FreeBSD.org/>. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description The EVP_VerifyFinal() function from OpenSSL is used to determine if a digital signature is valid. This is only a problem for DSA and ECDSA keys. III. Impact For applications using OpenSSL for SSL connections, an invalid SSL certificate may be interpreted as valid. This could for example be used by an attacker to perform a man-in-the-middle attack. Other applications which use the OpenSSL EVP API may similarly be affected. IV. Workaround For a server an RSA signed certificate may be used instead of DSA or ECDSA based certificate. Note that Mozilla Firefox does not use OpenSSL and thus is not affected. Solution Perform one of the following: 1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.0, and 7.1 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 7.x] # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc [FreeBSD 6.x] # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch # fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/secure/lib/libssl # make obj && make depend && make && make install # cd /usr/src/secure/usr.bin/openssl # make obj && make depend && make && make install NOTE: On the amd64 platform, the above procedure will not update the lib32 (i386 compatibility) libraries. On amd64 systems where the i386 compatibility libraries are used, the operating system should instead be recompiled as described in <URL:http://www.FreeBSD.org/handbook/makeworld.html> VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_6 src/crypto/openssl/apps/speed.c 1.13.2.1 src/crypto/openssl/apps/verify.c 1.1.1.5.12.1 src/crypto/openssl/apps/x509.c 1.1.1.10.2.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.12.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.2.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.2 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.5 src/sys/conf/newvers.sh 1.69.2.18.2.8 src/crypto/openssl/apps/speed.c 1.13.12.1 src/crypto/openssl/apps/verify.c 1.1.1.5.24.1 src/crypto/openssl/apps/x509.c 1.1.1.10.12.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.24.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.12.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.12.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.6.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.13 src/sys/conf/newvers.sh 1.69.2.15.2.12 src/crypto/openssl/apps/speed.c 1.13.10.1 src/crypto/openssl/apps/verify.c 1.1.1.5.22.1 src/crypto/openssl/apps/x509.c 1.1.1.10.10.1 src/crypto/openssl/apps/spkac.c 1.1.1.4.22.1 src/crypto/openssl/ssl/s2_srvr.c 1.12.10.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.10.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.1 src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.4.1 RELENG_7 src/crypto/openssl/apps/speed.c 1.15.2.1 src/crypto/openssl/apps/verify.c 1.1.1.6.2.1 src/crypto/openssl/apps/x509.c 1.1.1.11.2.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.2.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.2.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.2.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.2.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.4 src/sys/conf/newvers.sh 1.72.2.9.2.5 src/crypto/openssl/apps/speed.c 1.15.6.1 src/crypto/openssl/apps/verify.c 1.1.1.6.6.1 src/crypto/openssl/apps/x509.c 1.1.1.11.6.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.6.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.6.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.6.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.6.1 RELENG_7_0 src/UPDATING 1.507.2.3.2.12 src/sys/conf/newvers.sh 1.72.2.5.2.12 src/crypto/openssl/apps/speed.c 1.15.4.1 src/crypto/openssl/apps/verify.c 1.1.1.6.4.1 src/crypto/openssl/apps/x509.c 1.1.1.11.4.1 src/crypto/openssl/apps/spkac.c 1.1.1.5.4.1 src/crypto/openssl/ssl/s2_srvr.c 1.13.4.1 src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.4.1 src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.4.1 src/crypto/openssl/ssl/ssltest.c 1.1.1.10.4.1 src/crypto/openssl/ssl/s2_clnt.c 1.15.4.1 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/6/ r186873 releng/6.4/ r186872 releng/6.3/ r186872 stable/7/ r186872 releng/7.1/ r186872 releng/7.0/ r186872 - ------------------------------------------------------------------------- VII. Release Date: 2009-05-14 Last Updated: 2009-05-14 Potential Security Impact: Remote cross site scripting (XSS), unauthorized access Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows running PHP and OpenSSL. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and unauthorized access. References: CVE-2008-5077, CVE-2008-5814 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP System Management Homepage (SMH) before v3.0.1.73 running on Linux and Windows 2003, 2008. BACKGROUND CVSS 2.0 Base Metrics =============================================== Reference Base Vector Base Score CVE-2008-5077 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2008-5814 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002. RESOLUTION HP has provided System Management Homepage (SMH) v3.0.1.73 or subsequent to resolve these vulnerabilities. SMH vv3.0.1.73 is available from the following web sites: HP System Management Homepage for Linux (x86) v3.0.1.73) can be downloaded from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-b35b8e125d17427fa8a74e9ef6 HP System Management Homepage for Linux (AMD64/EM64T) v3.0.1.73 can be downloaded from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-d7bcce2dc82d43daaec308eb40 HP System Management Homepage for Windows v3.0.1.73 can be downloaded from http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?swItem=MTX-8300d57bb5424791b0e61652e8 PRODUCT SPECIFIC INFORMATION None HISTORY Version:1 (rev.1) - 14 May 2009 Initial Release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For further information, contact normal HP Services support channel. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save. To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections. To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do * The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. "HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement." \xa9Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. This vulnerability is tracked as CVE-2008-5077. Verification of client certificates by OpenSSL servers for any key type is NOT affected. Recommendations for users of OpenSSL ===================================== Users of OpenSSL 0.9.8 should update to the OpenSSL 0.9.8j release which contains a patch to correct this issue. The patch used is also appended to this advisory for users or distributions who wish to backport this patch to versions they build from source. Recommendations for projects using OpenSSL =========================================== Projects and products using OpenSSL should audit any use of the routine EVP_VerifyFinal() to ensure that the return code is being correctly handled. As documented, this function returns 1 for a successful verification, 0 for failure, and -1 for an error. General recommendations ======================== Any server that has clients using OpenSSL verifying DSA or ECDSA certificates, regardless of the software used by the server, should either ensure that all clients are upgraded or stop using DSA/ECDSA certificates. Note that unless certificates are revoked (and clients check for revocation) impersonation will still be possible until the certificate expires. References =========== URL for this Security Advisory: http://www.openssl.org/news/secadv_20090107.txt diff -ur openssl-0.9.8i-ORIG/apps/speed.c openssl-0.9.8i/apps/speed.c --- openssl-0.9.8i/apps/speed.c 2007-11-15 13:33:47.000000000 +0000 +++ openssl-0.9.8i/apps/speed-new.c 2008-12-04 00:00:00.000000000 +0000 @@ -2132,7 +2132,7 @@ { ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]); - if (ret == 0) + if (ret <= 0) { BIO_printf(bio_err, "RSA verify failure\n"); diff -ur openssl-0.9.8i-ORIG/apps/spkac.c openssl-0.9.8i/apps/spkac.c --- openssl-0.9.8i-ORIG/apps/spkac.c 2005-04-05 19:11:18.000000000 +0000 +++ openssl-0.9.8i/apps/spkac.c 2008-12-04 00:00:00.000000000 +0000 @@ -285,7 +285,7 @@ pkey = NETSCAPE_SPKI_get_pubkey(spki); if(verify) { i = NETSCAPE_SPKI_verify(spki, pkey); - if(i) BIO_printf(bio_err, "Signature OK\n"); + if (i > 0) BIO_printf(bio_err, "Signature OK\n"); else { BIO_printf(bio_err, "Signature Failure\n"); ERR_print_errors(bio_err); diff -ur openssl-0.9.8i-ORIG/apps/verify.c openssl-0.9.8i/apps/verify.c --- openssl-0.9.8i-ORIG/apps/verify.c 2004-11-29 11:28:07.000000000 +0000 +++ openssl-0.9.8i/apps/verify.c 2008-12-04 00:00:00.600000000 +0000 @@ -266,7 +266,7 @@ ret=0; end: - if (i) + if (i > 0) { fprintf(stdout,"OK\n"); ret=1; @@ -367,4 +367,3 @@ ERR_clear_error(); return(ok); } - diff -ur openssl-0.9.8i-ORIG/apps/x509.c openssl-0.9.8i/apps/x509.c --- openssl-0.9.8i-ORIG/apps/x509.c 2007-10-12 00:00:10.000000000 +0000 +++ openssl-0.9.8i/apps/x509.c 2008-12-04 00:00:00.400000000 +0000 @@ -1151,7 +1151,7 @@ /* NOTE: this certificate can/should be self signed, unless it was * a certificate request in which case it is not. */ X509_STORE_CTX_set_cert(&xsc,x); - if (!reqfile && !X509_verify_cert(&xsc)) + if (!reqfile && X509_verify_cert(&xsc) <= 0) goto end; if (!X509_check_private_key(xca,pkey)) diff -ur openssl-0.9.8i-ORIG/crypto/cms/cms_sd.c openssl-0.9.8i/crypto/cms/cms_sd.c --- openssl-0.9.8i-ORIG/crypto/cms/cms_sd.c 2008-04-06 16:30:38.000000000 +0000 +++ openssl-0.9.8i/crypto/cms/cms_sd.c 2008-12-04 00:00:00.400000000 +0000 @@ -830,7 +830,7 @@ cms_fixup_mctx(&mctx, si->pkey); r = EVP_VerifyFinal(&mctx, si->signature->data, si->signature->length, si->pkey); - if (!r) + if (r <= 0) CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); err: EVP_MD_CTX_cleanup(&mctx); diff -ur openssl-0.9.8i-ORIG/ssl/s2_clnt.c openssl-0.9.8i/ssl/s2_clnt.c --- openssl-0.9.8i-ORIG/ssl/s2_clnt.c 2007-09-06 12:43:53.000000000 +0000 +++ openssl-0.9.8i/ssl/s2_clnt.c 2008-12-04 00:00:00.100000000 +0000 @@ -1044,7 +1044,7 @@ i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)) { SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); goto err; diff -ur openssl-0.9.8i-ORIG/ssl/s2_srvr.c openssl-0.9.8i/ssl/s2_srvr.c --- openssl-0.9.8i-ORIG/ssl/s2_srvr.c 2007-09-06 12:43:53.000000000 +0000 +++ openssl-0.9.8i/ssl/s2_srvr.c 2008-12-04 00:00:00.900000000 +0000 @@ -1054,7 +1054,7 @@ i=ssl_verify_cert_chain(s,sk); - if (i) /* we like the packet, now check the chksum */ + if (i > 0) /* we like the packet, now check the chksum */ { EVP_MD_CTX ctx; EVP_PKEY *pkey=NULL; @@ -1083,7 +1083,7 @@ EVP_PKEY_free(pkey); EVP_MD_CTX_cleanup(&ctx); - if (i) + if (i > 0) { if (s->session->peer != NULL) X509_free(s->session->peer); diff -ur openssl-0.9.8i-ORIG/ssl/s3_clnt.c openssl-0.9.8i/ssl/s3_clnt.c --- openssl-0.9.8i-ORIG/ssl/s3_clnt.c 2008-06-16 16:56:41.000000000 +0000 +++ openssl-0.9.8i/ssl/s3_clnt.c 2008-12-04 00:00:00.100000000 +0000 @@ -972,7 +972,7 @@ } i=ssl_verify_cert_chain(s,sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) + if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) #ifndef OPENSSL_NO_KRB5 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) != (SSL_aKRB5|SSL_kKRB5) @@ -1459,7 +1459,7 @@ EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; @@ -1477,7 +1477,7 @@ EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); EVP_VerifyUpdate(&md_ctx,param,param_len); - if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey)) + if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0) { /* bad signature */ al=SSL_AD_DECRYPT_ERROR; diff -ur openssl-0.9.8i-ORIG/ssl/s3_srvr.c openssl-0.9.8i/ssl/s3_srvr.c --- openssl-0.9.8i-ORIG/ssl/s3_srvr.c 2008-09-14 18:16:09.000000000 +0000 +++ openssl-0.9.8i/ssl/s3_srvr.c 2008-12-04 00:00:00.100000000 +0000 @@ -2560,7 +2560,7 @@ else { i=ssl_verify_cert_chain(s,sk); - if (!i) + if (i <= 0) { al=ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED); diff -ur openssl-0.9.8i-ORIG/ssl/ssltest.c openssl-0.9.8i/ssl/ssltest.c --- openssl-0.9.8i-ORIG/ssl/ssltest.c 2008-06-16 16:56:42.000000000 +0000 +++ openssl-0.9.8i/ssl/ssltest.c 2008-12-04 00:00:00.900000000 +0000 @@ -2093,7 +2093,7 @@ if (cb_arg->proxy_auth) { - if (ok) + if (ok > 0) { const char *cond_end = NULL; . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2009-0004 Synopsis: ESX Service Console updates for openssl, bind, and vim Issue date: 2009-03-31 Updated on: 2009-03-31 (initial release of advisory) CVE numbers: CVE-2008-5077 CVE-2009-0025 CVE-2008-4101 CVE-2008-3432 CVE-2008-2712 CVE-2007-2953 - ------------------------------------------------------------------------ 1. Summary ESX patches for OpenSSL, vim and bind resolve several security issues. 2. Relevant releases VMware ESX 3.0.3 without patches ESX303-200903406-SG, ESX303-200903405-SG, ESX303-200903403-SG VMware ESX 3.0.2 without patches ESX-1008409, ESX-1008408, ESX-1008406 Extended support for ESX 3.0.2 Update 1 ends on 2009-08-08. Users should plan to upgrade to ESX 3.0.3 and preferably to the newest release available. 3. Problem Description a. Updated OpenSSL package for the Service Console fixes a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-5077 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX ESX303-200903406-SG ESX 3.0.2 ESX ESX-1008409 ESX 2.5.5 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. b. Update bind package for the Service Console fixes a security issue. A flaw was discovered in the way Berkeley Internet Name Domain (BIND) checked the return value of the OpenSSL DSA_do_verify function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-0025 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX ESX303-200903405-SG ESX 3.0.2 ESX ESX-1008408 ESX 2.5.5 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. c. Updated vim package for the Service Console addresses several security issues. Several input flaws were found in Visual editor IMproved's (Vim) keyword and tag handling. If Vim looked up a document's maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-4101 to this issue. A heap-based overflow flaw was discovered in Vim's expansion of file name patterns with shell wildcards. An attacker could create a specially crafted file or directory name, when opened by Vim causes the application to stop responding or execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3432 to this issue. Several input flaws were found in various Vim system functions. If a user opened a specially crafted file, it was possible to execute arbitrary code as the user running Vim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-2712 to this issue. A format string flaw was discovered in Vim's help tag processor. If a user was tricked into executing the "helptags" command on malicious data, arbitrary code could be executed with the permissions of the user running VIM. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-2953 to this issue. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= VirtualCenter any Windows not affected hosted * any any not affected ESXi 3.5 ESXi not affected ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX ESX303-200903403-SG ESX 3.0.2 ESX ESX-1008406 ESX 2.5.5 ESX affected, patch pending * hosted products are VMware Workstation, Player, ACE, Server, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file. ESX --- ESX 3.0.2 ESX-1008409 (openssl) http://download3.vmware.com/software/vi/ESX-1008409.tgz md5sum: cb25fd47bc0713b968d8778c033bc846 http://kb.vmware.com/kb/1008409 ESX 3.0.2 ESX-1008408 (bind) http://download3.vmware.com/software/vi/ESX-1008408.tgz md5sum: b6bd9193892a9c89b9b7a1e0456d2a9a http://kb.vmware.com/kb/1008408 ESX 3.0.2 ESX-1008406 (vim) http://download3.vmware.com/software/vi/ESX-1008406.tgz md5sum: f069daa58190b39e431cedbd26ce25ef http://kb.vmware.com/kb/1008406 ESX 3.0.3 ESX303-200903406-SG (openssl) http://download3.vmware.com/software/vi/ESX303-200903406-SG.zip md5sum: 45a2d32f9267deb5e743366c38652c92 http://kb.vmware.com/kb/1008416 ESX 3.0.3 ESX303-200903405-SG (bind) http://download3.vmware.com/software/vi/ESX303-200903405-SG.zip md5sum: 34d00fd9cca7f3e08c0857b4cc254710 http://kb.vmware.com/kb/1008415 ESX 3.0.3 ESX303-200903403-SG (vim) http://download3.vmware.com/software/vi/ESX303-200903403-SG.zip md5sum: 9790c9512aef18beaf0d1c7d405bed1a http://kb.vmware.com/kb/1008413 5. References CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2712 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2953 - ------------------------------------------------------------------------ 6. Change log 2009-03-31 VMSA-2009-0004 Initial security advisory after release of patches for ESX 3.0.2 and 3.0.3 on 2009-03-31. - ----------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Center http://www.vmware.com/security VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2009 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFJ0tgoS2KysvBH1xkRAiAbAJ4uG0NGavdQLzfxFyXnrxBQLqHl1QCdEf4q LA8+0sLvaS37smj8BQPdm0g= =ZVXY -----END PGP SIGNATURE----- . At the request of the OpenSSL team, oCERT has aided in the remediation coordination for other projects with similar API misuse vulnerabilities. In addition to EVP_VerifyFinal, the return codes from DSA_verify and DSA_do_verify functions were being incorrectly validated, and packages doing so are affected in a similar fashion as OpenSSL. NTP <= 4.2.4p5 (production), <= 4.2.5p150 (development) Sun GridEngine <= 5.3 Gale <= 0.99 OpenEvidence <= 1.0.6 Belgian eID middleware - eidlib <= 2.6.0 [2] Freedom Network Server <= 2.x The following packages were identified as affected by a vulnerability similar to the OpenSSL one, as they use OpenSSL DSA_verify function and incorrectly check the return code. 2 - Belgian eID middleware latest versions are not available in source form, therefore we cannot confirm if they are affected Fixed version: OpenSSL >= 0.9.8j NTP >= 4.2.4p6 (production), >= 4.2.5p153 (development) Sun GridEngine >= 6.0 Gale N/A OpenEvidence N/A Belgian eID middleware - eidlib N/A Freedom Network Server N/A BIND >= 9.3.6-P1, 9.4.3-P1, 9.5.1-P1, 9.6.0-P1 Lasso >= 2.2.2 ZXID N/A Credit: Google Security Team (for the original OpenSSL issue). CVE: CVE-2008-5077 (OpenSSL), CVE-2009-0021 (NTP), CVE-2009-0025 (BIND) Timeline: 2008-12-16: OpenSSL Security Team requests coordination aid from oCERT 2008-12-16: oCERT investigates packages affected by similar issues 2008-12-16: contacted affected vendors 2008-12-17: investigation expanded to DSA verification 2008-12-17: BIND, Lasso and ZXID added to affected packages 2008-12-18: contacted additional affected vendors 2009-01-05: status updates and patch dissemination to affected vendors 2009-01-05: confirmation from BIND of issue and fix 2009-01-06: requested CVE assignment for BIND 2009-01-07: advisory published References: http://openssl.org/news/secadv_20090107.txt Links: http://openssl.org/ http://www.ntp.org/ http://gridengine.sunsource.net/ http://gale.org/ http://www.openevidence.org/ http://eid.belgium.be/ http://www.google.com/codesearch/p?#1vGzyQX--LU/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/ https://www.isc.org/products/BIND http://lasso.entrouvert.org/ http://www.zxid.org/ Permalink: http://www.ocert.org/advisories/ocert-2008-016.html -- Will Drewry <redpig@ocert.org> oCERT Team :: http://ocert.org . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200904-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ntp: Certificate validation error Date: April 05, 2009 Bugs: #254098 ID: 200904-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== An error in the OpenSSL certificate chain validation in ntp might allow for spoofing attacks. Background ========== ntp contains the client and daemon implementations for the Network Time Protocol. Impact ====== A remote attacker could exploit this vulnerability to spoof arbitrary names to conduct Man-In-The-Middle attacks and intercept sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All ntp users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p6" References ========== [ 1 ] CVE-2008-5077 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 [ 2 ] CVE-2009-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021 [ 3 ] GLSA 200902-02 http://www.gentoo.org/security/en/glsa/glsa-200902-02.xml Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200904-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . HP SSL v1.3 for OpenVMS Alpha (v 8.2 or higher) and Integrity (v 8.2-1 or higher)

Trust: 2.34

sources: NVD: CVE-2008-5077 // CNVD: CNVD-2010-0376 // BID: 33150 // PACKETSTORM: 73670 // PACKETSTORM: 77647 // PACKETSTORM: 73659 // PACKETSTORM: 76261 // PACKETSTORM: 73658 // PACKETSTORM: 76379 // PACKETSTORM: 90746

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0376

AFFECTED PRODUCTS

vendor:opensslmodel:opensslscope:eqversion:0.9.3

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.1c

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.6

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.5

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.3a

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.2b

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.4

Trust: 1.6

vendor:opensslmodel:opensslscope:eqversion:0.9.8e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6k

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7j

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.5a

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7l

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6m

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7k

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6f

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8g

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8c

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6i

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7d

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7e

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.6h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7b

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.7f

Trust: 1.0

vendor:opensslmodel:opensslscope:lteversion:0.9.8h

Trust: 1.0

vendor:opensslmodel:opensslscope:eqversion:0.9.8

Trust: 1.0

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:opensslmodel:opensslscope:eqversion:0.9.8h

Trust: 0.6

vendor:iscmodel:bind a1scope:eqversion:9.5

Trust: 0.3

vendor:f5model:bigip application security managerscope:neversion:10.0.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 95scope: - version: -

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.4

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.2.6

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8fscope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:sunmodel:opensolaris build snv 93scope: - version: -

Trust: 0.3

vendor:mcafeemodel:email and web security appliancescope:eqversion:5.6

Trust: 0.3

vendor:nortelmodel:networks enterprise voip tm-cs1000scope: - version: -

Trust: 0.3

vendor:nortelmodel:networks vpn router contivityscope:eqversion:-26000

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:10.0

Trust: 0.3

vendor:opensslmodel:project openssl gscope:eqversion:0.9.7

Trust: 0.3

vendor:bsdperimetermodel:pfsense 1.2-rc4scope: - version: -

Trust: 0.3

vendor:nortelmodel:networks switched firewall seriesscope:eqversion:5700

Trust: 0.3

vendor:f5model:big-ip local traffic managerscope:neversion:10.0.1

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.8

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:susemodel:linux enterprise sp2 debuginfoscope:eqversion:10

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:4

Trust: 0.3

vendor:f5model:firepassscope:eqversion:7.0

Trust: 0.3

vendor:turbolinuxmodel:appliance server hosting editionscope:eqversion:1.0

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.4

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.7

Trust: 0.3

vendor:applemodel:mac os serverscope:neversion:x10.5.7

Trust: 0.3

vendor:cwrsyncmodel:cwrsyncscope:eqversion:2.0.9

Trust: 0.3

vendor:iscmodel:bind a5scope:eqversion:9.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 99scope: - version: -

Trust: 0.3

vendor:iscmodel:bind b3scope:eqversion:9.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.6.4

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.7

Trust: 0.3

vendor:iscmodel:bind b4scope:eqversion:9.4

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:2.0

Trust: 0.3

vendor:cwrsyncmodel:cwrsyncscope:eqversion:2.1.3

Trust: 0.3

vendor:opensslmodel:project openssl b-36.8scope:eqversion:0.9.6

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.4.3

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.1

Trust: 0.3

vendor:f5model:bigip global traffic managerscope:eqversion:9.3.1

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:6.06

Trust: 0.3

vendor:sunmodel:grid enginescope:eqversion:5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:sunmodel:opensolaris build snv 100scope: - version: -

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.3.2

Trust: 0.3

vendor:f5model:wanjetscope:eqversion:4.2

Trust: 0.3

vendor:debianmodel:linux alphascope:eqversion:4.0

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:2.1

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:2210

Trust: 0.3

vendor:debianmodel:linux mipselscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.1

Trust: 0.3

vendor:iscmodel:bind -p1scope:eqversion:9.2.6

Trust: 0.3

vendor:f5model:bigip application security managerscope:eqversion:10.0

Trust: 0.3

vendor:sunmodel:sparc enterprise m3000scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:8

Trust: 0.3

vendor:cwrsyncmodel:cwrsyncscope:eqversion:2.1.4

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.3

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.3

Trust: 0.3

vendor:f5model:firepassscope:eqversion:6.0.2.3

Trust: 0.3

vendor:susemodel:linux enterprise server sp4scope:eqversion:10

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:9.1

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.6

Trust: 0.3

vendor:cwrsyncmodel:cwrsyncscope:eqversion:2.1.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 85scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 19scope: - version: -

Trust: 0.3

vendor:turbolinuxmodel:appliance server workgroup editionscope:eqversion:1.0

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 45scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-prereleasescope:eqversion:7.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:f5model:big-ip local traffic managerscope:eqversion:10.0

Trust: 0.3

vendor:avayamodel:message networkingscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0.0.52

Trust: 0.3

vendor:sunmodel:sparc enterprise m9000scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 78scope: - version: -

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.5

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.5.1

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:10.0

Trust: 0.3

vendor:iscmodel:bind 9.5.0a7scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:communication manager server definity server si/csscope: - version: -

Trust: 0.3

vendor:f5model:firepassscope:eqversion:6.0.3

Trust: 0.3

vendor:f5model:bigip application security managerscope:eqversion:9.3.1

Trust: 0.3

vendor:iscmodel:bind b1scope:eqversion:9.2.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 89scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 39scope: - version: -

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.6

Trust: 0.3

vendor:avayamodel:message networking mnscope:eqversion:3.1

Trust: 0.3

vendor:opensslmodel:project openssl gscope:eqversion:0.9.6

Trust: 0.3

vendor:turbolinuxmodel:wizpyscope:eqversion:0

Trust: 0.3

vendor:s u s emodel:open-enterprise-serverscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:3

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.7

Trust: 0.3

vendor:freebsdmodel:-release-p8scope:eqversion:6.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.2.1

Trust: 0.3

vendor:f5model:bigip global traffic managerscope:eqversion:9.4.8

Trust: 0.3

vendor:sunmodel:opensolaris build snv 90scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 68scope: - version: -

Trust: 0.3

vendor:iscmodel:bind a4scope:eqversion:9.4

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.7

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:4.0

Trust: 0.3

vendor:sunmodel:grid engine sun linuxscope:eqversion:5.3

Trust: 0.3

vendor:f5model:big-ip local traffic managerscope:eqversion:9.3.1

Trust: 0.3

vendor:iscmodel:bind 9.5.0a6scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 67scope: - version: -

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1050

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:7.10

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.6

Trust: 0.3

vendor:nortelmodel:networks ssl vpn modulescope:eqversion:10000

Trust: 0.3

vendor:turbolinuxmodel:clientscope:eqversion:2008

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.4

Trust: 0.3

vendor:f5model:big-ip local traffic managerscope:eqversion:9.4

Trust: 0.3

vendor:ntpmodel:p6scope:neversion:4.2.4

Trust: 0.3

vendor:sunmodel:grid enginescope:eqversion:5.3x86

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.3.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:6.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 77scope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 61scope: - version: -

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:9.4

Trust: 0.3

vendor:voodoomodel:circlescope:eqversion:1.1

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2009.0

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:2.0.1

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 82scope: - version: -

Trust: 0.3

vendor:iscmodel:bind 9.5.0-p2-w1scope: - version: -

Trust: 0.3

vendor:freebsdmodel:7.0-stablescope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 29scope: - version: -

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:1.1

Trust: 0.3

vendor:iscmodel:bind rc2scope:eqversion:9.2.7

Trust: 0.3

vendor:ingatemodel:siparatorscope:neversion:4.7.1

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.7

Trust: 0.3

vendor:ingatemodel:firewalllscope:eqversion:4.4

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:6.2

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:10.3

Trust: 0.3

vendor:mandrakesoftmodel:multi network firewallscope:eqversion:2.0

Trust: 0.3

vendor:hpmodel:ssl for openvmsscope:eqversion:1.3

Trust: 0.3

vendor:iscmodel:bind a1scope:eqversion:9.4

Trust: 0.3

vendor:freebsdmodel:7.0-release-p8scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:f5model:bigip application security managerscope:eqversion:9.4.8

Trust: 0.3

vendor:iscmodel:bind rc1scope:eqversion:9.2.7

Trust: 0.3

vendor:f5model:bigip global traffic managerscope:eqversion:9.3

Trust: 0.3

vendor:f5model:firepassscope:eqversion:6.1

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:1

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:4.0

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.4.1

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.3.6

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.2.9.1

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.3.4

Trust: 0.3

vendor:iscmodel:bind 9.4.2-p2scope: - version: -

Trust: 0.3

vendor:voodoomodel:circlescope:neversion:1.1.34

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:nortelmodel:networks switched firewall seriesscope:eqversion:5400

Trust: 0.3

vendor:bsdperimetermodel:pfsensescope:neversion:1.2.2

Trust: 0.3

vendor:bsdperimetermodel:pfsensescope:eqversion:1.2.1

Trust: 0.3

vendor:nortelmodel:networks switched firewall seriesscope:eqversion:6600

Trust: 0.3

vendor:iscmodel:bind 9.4.2-p2-w2scope: - version: -

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.6.4

Trust: 0.3

vendor:mcafeemodel:email and web security appliance patchscope:neversion:5.65

Trust: 0.3

vendor:hpmodel:system management homepagescope:neversion:3.0.1.73

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ip local traffic managerscope:eqversion:9.4.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.6

Trust: 0.3

vendor:freebsdmodel:7.1-stablescope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.0

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.11

Trust: 0.3

vendor:nortelmodel:networks csscope:eqversion:1000

Trust: 0.3

vendor:f5model:big-ip webacceleratorscope:eqversion:9.4.8

Trust: 0.3

vendor:sunmodel:opensolaris build snv 105scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.8

Trust: 0.3

vendor:freebsdmodel:-pre-releasescope:eqversion:7.1

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:6.06

Trust: 0.3

vendor:susemodel:linux enterprise sdk sp2scope:eqversion:10

Trust: 0.3

vendor:avayamodel:messaging storage serverscope: - version: -

Trust: 0.3

vendor:f5model:bigip samscope:eqversion:8.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 88scope: - version: -

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:4.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.4

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.0

Trust: 0.3

vendor:sunmodel:sparc t3-1bscope:eqversion:0

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.3

Trust: 0.3

vendor:opensslmodel:project openssl jscope:neversion:0.9.8

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.3.3

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.3

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.6

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4

Trust: 0.3

vendor:sunmodel:sparc enterprise m5000scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.5

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.6

Trust: 0.3

vendor:ingatemodel:firewallscope:neversion:4.7.1

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.7

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:7.0

Trust: 0.3

vendor:sunmodel:opensolaris build snv 59scope: - version: -

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:8.1

Trust: 0.3

vendor:turbolinuxmodel:fujiscope:eqversion:0

Trust: 0.3

vendor:avayamodel:communication manager server s8300scope: - version: -

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.6.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:9.4.8

Trust: 0.3

vendor:mandrakesoftmodel:corporate server x86 64scope:eqversion:3.0

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1.2

Trust: 0.3

vendor:americanmodel:radio relay league tqsllibscope:eqversion:2.0

Trust: 0.3

vendor:iscmodel:bind 9.5.0a3scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:7.10

Trust: 0.3

vendor:sunmodel:sparc t3-2scope:eqversion:0

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:4.0

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.0.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.1

Trust: 0.3

vendor:opensslmodel:project openssl 0.9.8gscope: - version: -

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.1.3

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.0

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:1.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:sunmodel:solaris 10 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 96scope: - version: -

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:3.0

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:7.10

Trust: 0.3

vendor:rpathmodel:appliance platform linux servicescope:eqversion:1

Trust: 0.3

vendor:sunmodel:netra sparc t3-1bscope:eqversion:0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.6

Trust: 0.3

vendor:nortelmodel:networks self-service mpsscope:eqversion:5000

Trust: 0.3

vendor:susemodel:linux enterprise server sp3scope:eqversion:10

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1.1

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.6

Trust: 0.3

vendor:iscmodel:bind 9.5.0b2scope: - version: -

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:3.1

Trust: 0.3

vendor:avayamodel:communication manager server s8700scope: - version: -

Trust: 0.3

vendor:galemodel:galescope:eqversion:0.99

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.7

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 36scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.6

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:4.0

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:9

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.3

Trust: 0.3

vendor:hpmodel:hp-ux b.11.11scope: - version: -

Trust: 0.3

vendor:freebsdmodel:-release-p1scope:eqversion:7.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.8

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 94scope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.3

Trust: 0.3

vendor:iscmodel:bind a2scope:eqversion:9.4

Trust: 0.3

vendor:s u s emodel:novell linux desktopscope:eqversion:9.0

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:7.10

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.3

Trust: 0.3

vendor:f5model:firepassscope:eqversion:5.5

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2008.1

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:4.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.8

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:4

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.3.1

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:1.4

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:9.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.6

Trust: 0.3

vendor:freebsdmodel:-release-p6scope:eqversion:6.3

Trust: 0.3

vendor:iscmodel:bind 9.4.3-p1scope:neversion: -

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.1

Trust: 0.3

vendor:opensslmodel:project openssl lscope:eqversion:0.9.7

Trust: 0.3

vendor:f5model:wanjetscope:eqversion:5.0.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 50scope: - version: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:4.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.2.8

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.4

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:2700

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1740

Trust: 0.3

vendor:mandrakesoftmodel:corporate serverscope:eqversion:3.0

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1010

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.6

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.4

Trust: 0.3

vendor:opensslmodel:project openssl hscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:communication manager server s8500scope: - version: -

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0.0x64

Trust: 0.3

vendor:iscmodel:bind a3scope:eqversion:9.4

Trust: 0.3

vendor:iscmodel:bind 9.5.1b1scope: - version: -

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.1

Trust: 0.3

vendor:opensslmodel:project openssl iscope:eqversion:0.9.8

Trust: 0.3

vendor:sunmodel:opensolaris build snv 01scope: - version: -

Trust: 0.3

vendor:iscmodel:bind rc2scope:eqversion:9.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 92scope: - version: -

Trust: 0.3

vendor:applemodel:mac osscope:neversion:x10.5.7

Trust: 0.3

vendor:rpathmodel:linuxscope:eqversion:2

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:3.1.5

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.6

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:9.4.8

Trust: 0.3

vendor:sunmodel:opensolaris build snv 83scope: - version: -

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.5.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 106scope: - version: -

Trust: 0.3

vendor:avayamodel:meeting exchangescope:eqversion:5.1

Trust: 0.3

vendor:nortelmodel:networks vpn router contivityscope:eqversion:-45000

Trust: 0.3

vendor:nortelmodel:networks switched firewall seriesscope:eqversion:5300

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.2

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.1

Trust: 0.3

vendor:hpmodel:hp-ux b.11.23scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl beta2scope:eqversion:0.9.7

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:2.1

Trust: 0.3

vendor:freebsdmodel:6.4-release-p2scope: - version: -

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:11x64

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:3.0.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.10

Trust: 0.3

vendor:nortelmodel:networks vpn router contivityscope:eqversion:-46000

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.4

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:9.0

Trust: 0.3

vendor:iscmodel:bind 9.5.0-p2scope: - version: -

Trust: 0.3

vendor:iscmodel:bind 9.6.0-p1scope:neversion: -

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0.2

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:17500

Trust: 0.3

vendor:f5model:firepassscope:eqversion:6.0.2

Trust: 0.3

vendor:avayamodel:messaging storage serverscope:eqversion:3.1

Trust: 0.3

vendor:pardusmodel:linuxscope:eqversion:20080

Trust: 0.3

vendor:turbolinuxmodel:personalscope: - version: -

Trust: 0.3

vendor:nortelmodel:networks self-service peri applicationscope:eqversion:0

Trust: 0.3

vendor:redhatmodel:enterprise linux esscope:eqversion:3

Trust: 0.3

vendor:cwrsyncmodel:cwrsyncscope:eqversion:3.0

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.3

Trust: 0.3

vendor:avayamodel:communication manager sp3scope:eqversion:5.0

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 76scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl ascope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.8

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.7

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.8

Trust: 0.3

vendor:avayamodel:proactive contactscope:eqversion:3.0

Trust: 0.3

vendor:freebsdmodel:7.0-releasescope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101ascope: - version: -

Trust: 0.3

vendor:avayamodel:communication manager sp1scope:eqversion:4.0.3

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:8.10

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.6

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.7

Trust: 0.3

vendor:sunmodel:opensolaris build snv 87scope: - version: -

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.8

Trust: 0.3

vendor:opensslmodel:project openssl cscope:eqversion:0.9.7

Trust: 0.3

vendor:freebsdmodel:-stablescope:eqversion:6.2

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.6.1

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:5000

Trust: 0.3

vendor:f5model:wanjetscope:eqversion:4.2.8

Trust: 0.3

vendor:turbolinuxmodel:appliance serverscope:eqversion:2.0

Trust: 0.3

vendor:f5model:firepassscope:eqversion:5.5.2

Trust: 0.3

vendor:iscmodel:bind 9.5.0b1scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:7.10

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2009.0

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.5.2

Trust: 0.3

vendor:iscmodel:bind p1scope:neversion:9.3.6

Trust: 0.3

vendor:f5model:big-ip psmscope:eqversion:9.4.5

Trust: 0.3

vendor:iscmodel:bind 9.5.0a5scope: - version: -

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 57scope: - version: -

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.4

Trust: 0.3

vendor:opensslmodel:project openssl lscope:eqversion:0.9.6

Trust: 0.3

vendor:freebsdmodel:-relengscope:eqversion:7.0

Trust: 0.3

vendor:f5model:firepassscope:eqversion:6.0

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.5

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp2scope:eqversion:10

Trust: 0.3

vendor:rpathmodel:appliance platform linux servicescope:eqversion:2

Trust: 0.3

vendor:s u s emodel:opensusescope:eqversion:11.0

Trust: 0.3

vendor:avayamodel:meeting exchange enterprise editionscope:eqversion: -

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:6.06

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:4.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.1

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.10

Trust: 0.3

vendor:belgiummodel:eid middlewarescope:eqversion:2.6

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.1.1

Trust: 0.3

vendor:sunmodel:sparc enterprise m8000scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl dscope:eqversion:0.9.8

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.4.1

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.1

Trust: 0.3

vendor:iscmodel:bind rc3scope:eqversion:9.2.7

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.5

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:redhatmodel:enterprise linux as ia64scope:eqversion:2.1

Trust: 0.3

vendor:nortelmodel:networks vpnscope:eqversion:30500

Trust: 0.3

vendor:f5model:bigip application security managerscope:eqversion:9.3

Trust: 0.3

vendor:sunmodel:sparc t3-4scope:eqversion:0

Trust: 0.3

vendor:f5model:wanjetscope:eqversion:5.0

Trust: 0.3

vendor:sunmodel:grid engine 32-bit sparcscope:eqversion:5.3

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:4

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.6

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.3.1

Trust: 0.3

vendor:debianmodel:linux m68kscope:eqversion:4.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:4.0

Trust: 0.3

vendor:cwrsyncmodel:cwrsyncscope:neversion:3.0.1

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:2510

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:4.2.3

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.2

Trust: 0.3

vendor:iscmodel:bind 9.4.2-p2-w1scope: - version: -

Trust: 0.3

vendor:hpmodel:hp-ux b.11.31scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.9

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ip local traffic managerscope:eqversion:9.3

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:4.4

Trust: 0.3

vendor:vmwaremodel:esx serverscope:eqversion:2.5.5

Trust: 0.3

vendor:iscmodel:bind -p1scope:eqversion:9.4.1

Trust: 0.3

vendor:debianmodel:linux hppascope:eqversion:4.0

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.6

Trust: 0.3

vendor:nortelmodel:networks self-service mpsscope:eqversion:10000

Trust: 0.3

vendor:opensslmodel:project openssl fscope:eqversion:0.9.8

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:1.8

Trust: 0.3

vendor:f5model:bigip global traffic managerscope:eqversion:10.0

Trust: 0.3

vendor:nortelmodel:networks vpnscope:eqversion:30700

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 102scope: - version: -

Trust: 0.3

vendor:opensslmodel:project opensslscope:eqversion:0.9.6

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:5.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 02scope: - version: -

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.2.2

Trust: 0.3

vendor:f5model:enterprise managerscope:eqversion:1.4.1

Trust: 0.3

vendor:susemodel:linux enterprise teradata sp3scope:eqversion:10

Trust: 0.3

vendor:bsdperimetermodel:pfsense 1.2-rc3scope: - version: -

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.7

Trust: 0.3

vendor:iscmodel:bind b1scope:eqversion:9.4

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:8.10

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.2

Trust: 0.3

vendor:redhatmodel:enterprise linux es ia64scope:eqversion:2.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 80scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux asscope:eqversion:2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.11

Trust: 0.3

vendor:f5model:firepassscope:eqversion:6.0.1

Trust: 0.3

vendor:debianmodel:linuxscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:communication manager sp2scope:eqversion:3.1.4

Trust: 0.3

vendor:ntpmodel:p5scope:eqversion:4.2.4

Trust: 0.3

vendor:f5model:big-ip local traffic managerscope:eqversion:9.6.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 104scope: - version: -

Trust: 0.3

vendor:avayamodel:communication manager server s8100scope: - version: -

Trust: 0.3

vendor:f5model:big-ip wan optimization modulescope:neversion:10.0.1

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:8.10

Trust: 0.3

vendor:sunmodel:netra sparc t3-1scope:eqversion:0

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.7

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2

Trust: 0.3

vendor:ntpmodel:p153scope:neversion:4.2.5

Trust: 0.3

vendor:susemodel:linux enterprise serverscope:eqversion:10

Trust: 0.3

vendor:sunmodel:opensolaris build snv 107scope:neversion: -

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:f5model:wanjetscope:eqversion:4.2.16

Trust: 0.3

vendor:sunmodel:sparc t3-1scope:eqversion:0

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.3

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:10.0

Trust: 0.3

vendor:iscmodel:bind b2scope:eqversion:9.4

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:6.06

Trust: 0.3

vendor:cwrsyncmodel:cwrsyncscope:eqversion:2.1

Trust: 0.3

vendor:freebsdmodel:beta4scope:eqversion:7.0

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:11

Trust: 0.3

vendor:opensslmodel:project openssl beta3scope:eqversion:0.9.7

Trust: 0.3

vendor:freebsdmodel:-releasescope:eqversion:6.4

Trust: 0.3

vendor:f5model:bigip global traffic managerscope:eqversion:9.4

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.5

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:8.10

Trust: 0.3

vendor:avayamodel:intuity audix lxscope:eqversion:1.0

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:sunmodel:opensolaris build snv 84scope: - version: -

Trust: 0.3

vendor:redhatmodel:enterprise linux ws ia64scope:eqversion:2.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:11.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.9

Trust: 0.3

vendor:opensslmodel:project openssl mscope:eqversion:0.9.7

Trust: 0.3

vendor:susemodel:linux enterprise server sp2scope:eqversion:10

Trust: 0.3

vendor:avayamodel:messaging storage server mm3.0scope: - version: -

Trust: 0.3

vendor:sunmodel:grid engine 64-bit sparcscope:eqversion:5.3

Trust: 0.3

vendor:ntpmodel:p150scope:eqversion:4.2.5

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:1.3.1

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1700

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.0

Trust: 0.3

vendor:iscmodel:bind rc1scope:eqversion:9.4

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.7

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.1

Trust: 0.3

vendor:sunmodel:grid enginescope:neversion:6.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.0

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.7

Trust: 0.3

vendor:opensslmodel:project openssl escope:eqversion:0.9.8

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp1scope:eqversion:11

Trust: 0.3

vendor:bsdperimetermodel:pfsense 1.2-rc1scope: - version: -

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ip wan optimization modulescope:eqversion:10.0

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:4.0

Trust: 0.3

vendor:iscmodel:bind p1scope:neversion:9.5.1

Trust: 0.3

vendor:iscmodel:bind a2scope:eqversion:9.5

Trust: 0.3

vendor:iscmodel:bind a6scope:eqversion:9.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 22scope: - version: -

Trust: 0.3

vendor:iscmodel:bind 9.5.0a4scope: - version: -

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.4.2

Trust: 0.3

vendor:sunmodel:opensolaris build snv 81scope: - version: -

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.4.1

Trust: 0.3

vendor:avayamodel:message networkingscope: - version: -

Trust: 0.3

vendor:f5model:bigip application security managerscope:eqversion:9.4

Trust: 0.3

vendor:sunmodel:opensolaris build snv 103scope: - version: -

Trust: 0.3

vendor:f5model:big-ip local traffic managerscope:eqversion:9.6

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:2.2

Trust: 0.3

vendor:bsdperimetermodel:pfsensescope:eqversion:1.2

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:8.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:4.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:10.0

Trust: 0.3

vendor:cwrsyncmodel:cwrsyncscope:eqversion:2.1.2

Trust: 0.3

vendor:avayamodel:communication manager server definity server r10scope: - version: -

Trust: 0.3

vendor:bsdperimetermodel:pfsense 1.2-rc2scope: - version: -

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:sunmodel:sparc enterprise m4000scope: - version: -

Trust: 0.3

vendor:cwrsyncmodel:cwrsyncscope:eqversion:2.0.10

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.3.1

Trust: 0.3

vendor:iscmodel:bind 9.5.0-p2-w2scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl kscope:eqversion:0.9.6

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.2.7

Trust: 0.3

vendor:sunmodel:opensolaris build snv 13scope: - version: -

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.2.1

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:4.3.2

Trust: 0.3

vendor:turbolinuxmodel:serverscope:eqversion:10.0

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:openbsdmodel:openbsdscope:eqversion:4.3

Trust: 0.3

vendor:sunmodel:opensolaris build snv 91scope: - version: -

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:5.0

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.9

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:4.1

Trust: 0.3

vendor:f5model:bigip global traffic managerscope:neversion:10.0.1

Trust: 0.3

vendor:sunmodel:opensolaris build snv 47scope: - version: -

Trust: 0.3

vendor:s u s emodel:novell linux posscope:eqversion:9

Trust: 0.3

vendor:iscmodel:bind -p2scope:eqversion:9.2.6

Trust: 0.3

vendor:sunmodel:opensolaris build snv 64scope: - version: -

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:4.5.1

Trust: 0.3

vendor:opensslmodel:project openssl beta1scope:eqversion:0.9.7

Trust: 0.3

vendor:sunmodel:opensolaris build snv 101scope: - version: -

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:3.0

Trust: 0.3

vendor:avayamodel:communication manager server definity server r9scope: - version: -

Trust: 0.3

vendor:debianmodel:linux armelscope:eqversion:4.0

Trust: 0.3

vendor:avayamodel:communication managerscope:eqversion:2.0

Trust: 0.3

vendor:avayamodel:aura sip enablement servicesscope:eqversion:3.0

Trust: 0.3

vendor:redhatmodel:enterprise linux wsscope:eqversion:3

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:9.3.1

Trust: 0.3

vendor:sunmodel:solaris 10 x86scope: - version: -

Trust: 0.3

vendor:redhatmodel:desktopscope:eqversion:3.0

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.3

Trust: 0.3

vendor:ingatemodel:siparatorscope:eqversion:3.2

Trust: 0.3

vendor:f5model:enterprise managerscope:neversion:2.0

Trust: 0.3

vendor:cwrsyncmodel:cwrsyncscope:eqversion:2.1.5

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:2.1.4

Trust: 0.3

vendor:ubuntumodel:linux lpiascope:eqversion:8.10

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:iscmodel:bindscope:eqversion:9.1.3

Trust: 0.3

vendor:nortelmodel:networks vpn routerscope:eqversion:1100

Trust: 0.3

vendor:susemodel:linux enterprise desktop sp4scope:eqversion:10

Trust: 0.3

vendor:freebsdmodel:freebsdscope:eqversion:6.3

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2008.0

Trust: 0.3

vendor:ingatemodel:firewallscope:eqversion:3.2.1

Trust: 0.3

vendor:opensslmodel:project openssl mscope:eqversion:0.9.6

Trust: 0.3

vendor:avayamodel:intuity audix lxscope:eqversion:2.0

Trust: 0.3

vendor:f5model:big-ip link controllerscope:eqversion:9.4

Trust: 0.3

vendor:avayamodel:communication manager server definity server r11scope: - version: -

Trust: 0.3

vendor:opensslmodel:project openssl bscope:eqversion:0.9.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.4.2

Trust: 0.3

vendor:opensslmodel:project openssl jscope:eqversion:0.9.6

Trust: 0.3

vendor:nortelmodel:networks switched firewall seriesscope:eqversion:6400

Trust: 0.3

vendor:turbolinuxmodel:multimediascope: - version: -

Trust: 0.3

vendor:sunmodel:opensolaris build snv 86scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2010-0376 // BID: 33150 // CNNVD: CNNVD-200901-055 // NVD: CVE-2008-5077

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-5077
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200901-055
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2008-5077
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

sources: CNNVD: CNNVD-200901-055 // NVD: CVE-2008-5077

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2008-5077

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 73659 // PACKETSTORM: 76261 // CNNVD: CNNVD-200901-055

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-200901-055

PATCH

title:F5 FirePass OpenSSL \"EVP_VerifyFinal()\" Spoofing Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/230

Trust: 0.6

sources: CNVD: CNVD-2010-0376

EXTERNAL IDS

db:NVDid:CVE-2008-5077

Trust: 3.2

db:OCERTid:OCERT-2008-016

Trust: 1.4

db:BIDid:33150

Trust: 1.3

db:VUPENid:ADV-2009-0913

Trust: 1.0

db:VUPENid:ADV-2009-0558

Trust: 1.0

db:VUPENid:ADV-2009-1338

Trust: 1.0

db:VUPENid:ADV-2009-0362

Trust: 1.0

db:VUPENid:ADV-2009-0904

Trust: 1.0

db:VUPENid:ADV-2009-1297

Trust: 1.0

db:VUPENid:ADV-2009-0040

Trust: 1.0

db:VUPENid:ADV-2009-0289

Trust: 1.0

db:USCERTid:TA09-133A

Trust: 1.0

db:SECUNIAid:35074

Trust: 1.0

db:SECUNIAid:33557

Trust: 1.0

db:SECUNIAid:34211

Trust: 1.0

db:SECUNIAid:33673

Trust: 1.0

db:SECUNIAid:33765

Trust: 1.0

db:SECUNIAid:33338

Trust: 1.0

db:SECUNIAid:35108

Trust: 1.0

db:SECUNIAid:39005

Trust: 1.0

db:SECUNIAid:33436

Trust: 1.0

db:SECUNIAid:33394

Trust: 1.0

db:SECTRACKid:1021523

Trust: 1.0

db:CNVDid:CNVD-2010-0376

Trust: 0.6

db:AUSCERTid:ESB-2022.0696

Trust: 0.6

db:LENOVOid:LEN-24443

Trust: 0.6

db:CNNVDid:CNNVD-200901-055

Trust: 0.6

db:PACKETSTORMid:73670

Trust: 0.1

db:PACKETSTORMid:77647

Trust: 0.1

db:PACKETSTORMid:73659

Trust: 0.1

db:PACKETSTORMid:76261

Trust: 0.1

db:PACKETSTORMid:73658

Trust: 0.1

db:PACKETSTORMid:76379

Trust: 0.1

db:PACKETSTORMid:90746

Trust: 0.1

sources: CNVD: CNVD-2010-0376 // BID: 33150 // PACKETSTORM: 73670 // PACKETSTORM: 77647 // PACKETSTORM: 73659 // PACKETSTORM: 76261 // PACKETSTORM: 73658 // PACKETSTORM: 76379 // PACKETSTORM: 90746 // CNNVD: CNNVD-200901-055 // NVD: CVE-2008-5077

REFERENCES

url:http://www.ocert.org/advisories/ocert-2008-016.html

Trust: 1.4

url:http://support.nortel.com/go/main.jsp?cscat=bltndetail&id=837653

Trust: 1.3

url:http://voodoo-circle.sourceforge.net/sa/sa-20090123-01.html

Trust: 1.3

url:http://support.avaya.com/elmodocs2/security/asa-2009-038.htm

Trust: 1.3

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-250826-1

Trust: 1.3

url:http://www.openssl.org/news/secadv_20090107.txt

Trust: 1.2

url:http://secunia.com/advisories/34211

Trust: 1.0

url:http://secunia.com/advisories/35108

Trust: 1.0

url:http://lists.apple.com/archives/security-announce/2009/may/msg00002.html

Trust: 1.0

url:http://www.vupen.com/english/advisories/2009/0289

Trust: 1.0

url:http://secunia.com/advisories/33557

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9155

Trust: 1.0

url:https://usn.ubuntu.com/704-1/

Trust: 1.0

url:http://secunia.com/advisories/33436

Trust: 1.0

url:http://secunia.com/advisories/33765

Trust: 1.0

url:http://support.apple.com/kb/ht3549

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=127678688104458&w=2

Trust: 1.0

url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html

Trust: 1.0

url:http://www.vupen.com/english/advisories/2009/1297

Trust: 1.0

url:http://secunia.com/advisories/39005

Trust: 1.0

url:http://secunia.com/advisories/33394

Trust: 1.0

url:http://www.vmware.com/security/advisories/vmsa-2009-0004.html

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=124277349419254&w=2

Trust: 1.0

url:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.544796

Trust: 1.0

url:http://secunia.com/advisories/33673

Trust: 1.0

url:http://www.us-cert.gov/cas/techalerts/ta09-133a.html

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=123859864430555&w=2

Trust: 1.0

url:http://www.securityfocus.com/archive/1/499827/100/0/threaded

Trust: 1.0

url:http://www.vupen.com/english/advisories/2009/1338

Trust: 1.0

url:http://www.vupen.com/english/advisories/2009/0362

Trust: 1.0

url:http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html

Trust: 1.0

url:http://secunia.com/advisories/35074

Trust: 1.0

url:http://secunia.com/advisories/33338

Trust: 1.0

url:http://www.securitytracker.com/id?1021523

Trust: 1.0

url:http://www.vupen.com/english/advisories/2009/0913

Trust: 1.0

url:http://www.vupen.com/english/advisories/2009/0558

Trust: 1.0

url:http://www.vupen.com/english/advisories/2009/0904

Trust: 1.0

url:http://www.vupen.com/english/advisories/2009/0040

Trust: 1.0

url:http://www.securityfocus.com/bid/33150

Trust: 1.0

url:http://www.securityfocus.com/archive/1/502322/100/0/threaded

Trust: 1.0

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6380

Trust: 1.0

url:http://www.redhat.com/support/errata/rhsa-2009-0004.html

Trust: 1.0

url:http://security.gentoo.org/glsa/glsa-200902-02.xml

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2008-5077

Trust: 0.7

url:http://www.securityfocus.com/archive/1/archive/1/502322/100/0/threaded

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.0696

Trust: 0.6

url:https://support.lenovo.com/us/en/solutions/len-24443

Trust: 0.6

url:http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_615_en.pdf

Trust: 0.3

url:http://www.openbsd.org/errata43.html#007_openssl

Trust: 0.3

url:http://eid.belgium.be

Trust: 0.3

url:https://kc.mcafee.com/corporate/index?page=content&id=kb76646

Trust: 0.3

url:https://blogs.oracle.com/sunsecurity/entry/multiple_openssl_vulnerabilities_in_sun

Trust: 0.3

url:http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_network_time

Trust: 0.3

url:http://blog.pfsense.org/?p=351

Trust: 0.3

url:http://sourceforge.net/project/shownotes.php?release_id=654656

Trust: 0.3

url:http://www.ingate.com/relnote.php?ver=471

Trust: 0.3

url:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=479650

Trust: 0.3

url:http://www.innominate.com/data/downloads/manuals/releasenotes_mguard_516_en.pdf

Trust: 0.3

url:/archive/1/499827

Trust: 0.3

url:/archive/1/499855

Trust: 0.3

url:http://support.f5.com/kb/en-us/solutions/public/11000/500/sol11503.html?sr=10949137

Trust: 0.3

url:http://www.openbsd.org/errata44.html#007_openssl

Trust: 0.3

url:http://support.avaya.com/elmodocs2/security/asa-2009-057.htm

Trust: 0.3

url:http://support.avaya.com/elmodocs2/security/asa-2009-116.htm

Trust: 0.3

url:https://www.isc.org/node/373

Trust: 0.3

url:https://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c01743291

Trust: 0.3

url:http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02227287&admit=109447627+1276778491548+28353475

Trust: 0.3

url:http://www.mail-archive.com/openssl-users@openssl.org/msg55534.html

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2009-0046.html

Trust: 0.3

url:https://support.f5.com/kb/en-us/solutions/public/9000/700/sol9762.html

Trust: 0.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5077

Trust: 0.3

url:http://www.itrc.hp.com/service/cki/secbullarchive.do

Trust: 0.2

url:http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na&langcode=useng&jumpid=in_sc-gen__driveritrc&topiccode=itrc

Trust: 0.2

url:http://h30046.www3.hp.com/subsignin.php

Trust: 0.2

url:http://security.freebsd.org/advisories/freebsd-sa-09:02.openssl.asc

Trust: 0.1

url:http://security.freebsd.org/patches/sa-09:02/openssl6.patch

Trust: 0.1

url:http://security.freebsd.org/patches/sa-09:02/openssl.patch

Trust: 0.1

url:http://security.freebsd.org/>.

Trust: 0.1

url:http://www.freebsd.org/handbook/makeworld.html>

Trust: 0.1

url:http://security.freebsd.org/patches/sa-09:02/openssl.patch.asc

Trust: 0.1

url:http://security.freebsd.org/patches/sa-09:02/openssl6.patch.asc

Trust: 0.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-8300d57bb5424791b0e61652e8

Trust: 0.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-b35b8e125d17427fa8a74e9ef6

Trust: 0.1

url:http://h20000.www2.hp.com/bizsupport/techsupport/softwaredescription.jsp?switem=mtx-d7bcce2dc82d43daaec308eb40

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-5814

Trust: 0.1

url:http://download3.vmware.com/software/vi/esx-1008408.tgz

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0025

Trust: 0.1

url:http://kb.vmware.com/kb/1008409

Trust: 0.1

url:http://kb.vmware.com/kb/1008413

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2712

Trust: 0.1

url:http://www.vmware.com/security

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2712

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4101

Trust: 0.1

url:http://kb.vmware.com/kb/1008415

Trust: 0.1

url:http://kb.vmware.com/kb/1055

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-3432

Trust: 0.1

url:http://kb.vmware.com/kb/1008416

Trust: 0.1

url:http://download3.vmware.com/software/vi/esx303-200903403-sg.zip

Trust: 0.1

url:http://download3.vmware.com/software/vi/esx303-200903406-sg.zip

Trust: 0.1

url:http://download3.vmware.com/software/vi/esx303-200903405-sg.zip

Trust: 0.1

url:http://www.vmware.com/support/policies/security_response.html

Trust: 0.1

url:http://kb.vmware.com/kb/1008408

Trust: 0.1

url:http://download3.vmware.com/software/vi/esx-1008409.tgz

Trust: 0.1

url:http://www.vmware.com/support/policies/eos.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-4101

Trust: 0.1

url:http://kb.vmware.com/kb/1008406

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3432

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0025

Trust: 0.1

url:http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2953

Trust: 0.1

url:http://www.vmware.com/support/policies/eos_vi.html

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2007-2953

Trust: 0.1

url:http://download3.vmware.com/software/vi/esx-1008406.tgz

Trust: 0.1

url:http://gridengine.sunsource.net/

Trust: 0.1

url:https://www.isc.org/products/bind

Trust: 0.1

url:http://www.openevidence.org/

Trust: 0.1

url:http://eid.belgium.be/

Trust: 0.1

url:http://ocert.org

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0021

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-0025

Trust: 0.1

url:http://gale.org/

Trust: 0.1

url:http://www.zxid.org/

Trust: 0.1

url:http://openssl.org/news/secadv_20090107.txt

Trust: 0.1

url:http://lasso.entrouvert.org/

Trust: 0.1

url:http://openssl.org/

Trust: 0.1

url:http://www.google.com/codesearch/p?#1vgzyqx--lu/achilles/remailer/zero-knowledge/freedomserver-2.x.tgz/

Trust: 0.1

url:http://www.ntp.org/

Trust: 0.1

url:http://bugs.gentoo.org.

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0021

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0021

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://www.gentoo.org/security/en/glsa/glsa-200902-02.xml

Trust: 0.1

url:http://security.gentoo.org/glsa/glsa-200904-05.xml

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0591

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3245

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-0590

Trust: 0.1

url:http://h71000.www7.hp.com/openvms/products/ssl/ssl.html

Trust: 0.1

sources: CNVD: CNVD-2010-0376 // BID: 33150 // PACKETSTORM: 73670 // PACKETSTORM: 77647 // PACKETSTORM: 73659 // PACKETSTORM: 76261 // PACKETSTORM: 73658 // PACKETSTORM: 76379 // PACKETSTORM: 90746 // CNNVD: CNNVD-200901-055 // NVD: CVE-2008-5077

CREDITS

Google Security Team

Trust: 0.9

sources: BID: 33150 // CNNVD: CNNVD-200901-055

SOURCES

db:CNVDid:CNVD-2010-0376
db:BIDid:33150
db:PACKETSTORMid:73670
db:PACKETSTORMid:77647
db:PACKETSTORMid:73659
db:PACKETSTORMid:76261
db:PACKETSTORMid:73658
db:PACKETSTORMid:76379
db:PACKETSTORMid:90746
db:CNNVDid:CNNVD-200901-055
db:NVDid:CVE-2008-5077

LAST UPDATE DATE

2024-11-23T20:18:02.092000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2010-0376date:2010-03-17T00:00:00
db:BIDid:33150date:2015-04-13T22:13:00
db:CNNVDid:CNNVD-200901-055date:2022-03-10T00:00:00
db:NVDid:CVE-2008-5077date:2024-11-21T00:53:14.187

SOURCES RELEASE DATE

db:CNVDid:CNVD-2010-0376date:2010-03-17T00:00:00
db:BIDid:33150date:2009-01-07T00:00:00
db:PACKETSTORMid:73670date:2009-01-07T22:43:21
db:PACKETSTORMid:77647date:2009-05-19T23:02:50
db:PACKETSTORMid:73659date:2009-01-07T20:21:31
db:PACKETSTORMid:76261date:2009-04-01T22:24:06
db:PACKETSTORMid:73658date:2009-01-07T20:17:20
db:PACKETSTORMid:76379date:2009-04-06T23:59:06
db:PACKETSTORMid:90746date:2010-06-18T02:05:35
db:CNNVDid:CNNVD-200901-055date:2009-01-07T00:00:00
db:NVDid:CVE-2008-5077date:2009-01-07T17:30:00.327