OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
References
Link Providers
http://cvs.openssl.org/chngview?cn=20131 cve-icon cve-icon
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777 cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052315.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00003.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html cve-icon cve-icon
http://marc.info/?l=bugtraq&m=129916880600544&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=130497251507577&w=2 cve-icon cve-icon
http://marc.info/?l=bugtraq&m=132077688910227&w=2 cve-icon cve-icon
http://openssl.org/news/secadv_20101202.txt cve-icon cve-icon
http://osvdb.org/69565 cve-icon cve-icon
http://secunia.com/advisories/42469 cve-icon cve-icon
http://secunia.com/advisories/42473 cve-icon cve-icon
http://secunia.com/advisories/42493 cve-icon cve-icon
http://secunia.com/advisories/42571 cve-icon cve-icon
http://secunia.com/advisories/42620 cve-icon cve-icon
http://secunia.com/advisories/42811 cve-icon cve-icon
http://secunia.com/advisories/42877 cve-icon cve-icon
http://secunia.com/advisories/43169 cve-icon cve-icon
http://secunia.com/advisories/43170 cve-icon cve-icon
http://secunia.com/advisories/43171 cve-icon cve-icon
http://secunia.com/advisories/43172 cve-icon cve-icon
http://secunia.com/advisories/43173 cve-icon cve-icon
http://secunia.com/advisories/44269 cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471 cve-icon cve-icon
http://support.apple.com/kb/HT4723 cve-icon cve-icon
http://ubuntu.com/usn/usn-1029-1 cve-icon cve-icon
http://www.debian.org/security/2011/dsa-2141 cve-icon cve-icon
http://www.kb.cert.org/vuls/id/737740 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2010:248 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0977.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0978.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0979.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2011-0896.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/522176 cve-icon cve-icon
http://www.securityfocus.com/bid/45164 cve-icon cve-icon
http://www.securitytracker.com/id?1024822 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3120 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3122 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3134 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/3188 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0032 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0076 cve-icon cve-icon
http://www.vupen.com/english/advisories/2011/0268 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=659462 cve-icon cve-icon
https://kb.bluecoat.com/index?page=content&id=SA53&actp=LIST cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2010-4180 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18910 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2010-4180 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-12-06T21:00:00

Updated: 2024-08-07T03:34:37.524Z

Reserved: 2010-11-04T00:00:00

Link: CVE-2010-4180

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-12-06T21:05:48.687

Modified: 2024-11-21T01:20:23.207

Link: CVE-2010-4180

cve-icon Redhat

Severity : Moderate

Publid Date: 2010-12-02T00:00:00Z

Links: CVE-2010-4180 - Bugzilla