CVE-2010-4180

OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://cvs.openssl.org/chngview?cn=20131	Broken Link Patch
https://bugzilla.redhat.com/show_bug.cgi?id=659462	Issue Tracking Patch Third Party Advisory
http://openssl.org/news/secadv_20101202.txt	Patch Third Party Advisory
http://www.vupen.com/english/advisories/2010/3120	Permissions Required
http://www.vupen.com/english/advisories/2010/3122	Permissions Required
http://ubuntu.com/usn/usn-1029-1	Third Party Advisory
http://secunia.com/advisories/42473	Not Applicable
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471	Third Party Advisory
http://www.vupen.com/english/advisories/2010/3134	Permissions Required
http://osvdb.org/69565	Broken Link
http://www.securitytracker.com/id?1024822	Broken Link Third Party Advisory VDB Entry
http://secunia.com/advisories/42493	Not Applicable
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248	Permissions Required
http://www.securityfocus.com/bid/45164	Third Party Advisory VDB Entry
http://secunia.com/advisories/42469	Not Applicable
http://www.vupen.com/english/advisories/2010/3188	Permissions Required
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html	Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0979.html	Third Party Advisory
http://secunia.com/advisories/42620	Not Applicable
http://secunia.com/advisories/42571	Not Applicable
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html	Mailing List Third Party Advisory
http://www.debian.org/security/2011/dsa-2141	Third Party Advisory
http://secunia.com/advisories/42811	Not Applicable
http://www.vupen.com/english/advisories/2011/0032	Permissions Required
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html	Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0977.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0978.html	Third Party Advisory
http://secunia.com/advisories/42877	Not Applicable
http://www.vupen.com/english/advisories/2011/0076	Permissions Required
http://www.vupen.com/english/advisories/2011/0268	Permissions Required
http://secunia.com/advisories/43171	Not Applicable
http://secunia.com/advisories/43172	Not Applicable
http://secunia.com/advisories/43169	Not Applicable
http://secunia.com/advisories/43173	Not Applicable
http://secunia.com/advisories/43170	Not Applicable
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST	Broken Link
http://secunia.com/advisories/44269	Not Applicable
http://support.apple.com/kb/HT4723	Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html	Broken Link Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0896.html	Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=132077688910227&w=2	Issue Tracking Third Party Advisory
http://www.securityfocus.com/archive/1/522176	Third Party Advisory VDB Entry
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777	Broken Link
http://www.kb.cert.org/vuls/id/737740	Third Party Advisory US Government Resource
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html	Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=129916880600544&w=2	Issue Tracking Third Party Advisory
http://marc.info/?l=bugtraq&m=130497251507577&w=2	Issue Tracking Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openssl:openssl::::::::
	cpe:2.3:a:openssl:openssl::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:13:::::::*
	cpe:2.3:o:fedoraproject:fedora:14:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*

Configuration 5 (hide)

OR	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:9:::::::*
	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:::-:::*
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4:::-:::*
	cpe:2.3:o:suse:linux_enterprise:11.0:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::-:::*

Configuration 6 (hide)

cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*

Information

Published : 2010-12-06 13:05

Updated : 2022-08-04 12:59

NVD link : CVE-2010-4180

Mitre link : CVE-2010-4180

JSON object : View

CWE

NVD-CWE-noinfo

Products Affected

nginx

suse

linux_enterprise_desktop
linux_enterprise
linux_enterprise_server

openssl

openssl

fedoraproject

fedora

canonical

ubuntu_linux

debian

debian_linux

opensuse

opensuse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://cvs.openssl.org/chngview?cn=20131", "name": "http://cvs.openssl.org/chngview?cn=20131", "tags": ["Broken Link", "Patch"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=659462", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=659462", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://openssl.org/news/secadv_20101202.txt", "name": "http://openssl.org/news/secadv_20101202.txt", "tags": ["Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2010/3120", "name": "ADV-2010-3120", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2010/3122", "name": "ADV-2010-3122", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://ubuntu.com/usn/usn-1029-1", "name": "USN-1029-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/42473", "name": "42473", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471", "name": "SSA:2010-340-01", "tags": ["Third Party Advisory"], "refsource": "SLACKWARE"}, {"url": "http://www.vupen.com/english/advisories/2010/3134", "name": "ADV-2010-3134", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://osvdb.org/69565", "name": "69565", "tags": ["Broken Link"], "refsource": "OSVDB"}, {"url": "http://www.securitytracker.com/id?1024822", "name": "1024822", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/42493", "name": "42493", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:248", "name": "MDVSA-2010:248", "tags": ["Permissions Required"], "refsource": "MANDRIVA"}, {"url": "http://www.securityfocus.com/bid/45164", "name": "45164", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/42469", "name": "42469", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2010/3188", "name": "ADV-2010-3188", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html", "name": "FEDORA-2010-18765", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0979.html", "name": "RHSA-2010:0979", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/42620", "name": "42620", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/42571", "name": "42571", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html", "name": "FEDORA-2010-18736", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "FEDORA"}, {"url": "http://www.debian.org/security/2011/dsa-2141", "name": "DSA-2141", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/42811", "name": "42811", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0032", "name": "ADV-2011-0032", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html", "name": "SUSE-SR:2011:001", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0977.html", "name": "RHSA-2010:0977", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0978.html", "name": "RHSA-2010:0978", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/42877", "name": "42877", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2011/0076", "name": "ADV-2011-0076", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2011/0268", "name": "ADV-2011-0268", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/43171", "name": "43171", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/43172", "name": "43172", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/43169", "name": "43169", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/43173", "name": "43173", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/43170", "name": "43170", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST", "name": "https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/44269", "name": "44269", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://support.apple.com/kb/HT4723", "name": "http://support.apple.com/kb/HT4723", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html", "name": "APPLE-SA-2011-06-23-1", "tags": ["Broken Link", "Mailing List", "Third Party Advisory"], "refsource": "APPLE"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html", "name": "RHSA-2011:0896", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html", "name": "openSUSE-SU-2011:0845", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html", "name": "SUSE-SU-2011:0847", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://marc.info/?l=bugtraq&m=132077688910227&w=2", "name": "HPSBHF02706", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "HP"}, {"url": "http://www.securityfocus.com/archive/1/522176", "name": "SSRT100817", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "HP"}, {"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777", "name": "HPSBMA02658", "tags": ["Broken Link"], "refsource": "HP"}, {"url": "http://www.kb.cert.org/vuls/id/737740", "name": "VU#737740", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html", "name": "SUSE-SR:2011:009", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://marc.info/?l=bugtraq&m=129916880600544&w=2", "name": "HPSBUX02638", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=130497251507577&w=2", "name": "SSRT100475", "tags": ["Issue Tracking", "Third Party Advisory"], "refsource": "HP"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910", "name": "oval:org.mitre.oval:def:18910", "tags": ["Third Party Advisory"], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-4180", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-12-06T21:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.0.0c", "versionStartIncluding": "1.0.0"}, {"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.9.8q"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise:11.0:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:-:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "0.9.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-04T19:59Z"}

4.3 /10