oval:org.mitre.oval:def:12801
| Definition Id: oval:org.mitre.oval:def:12801 | |||
| Oval ID: | oval:org.mitre.oval:def:12801 | ||
| Title: | DSA-2141-2 nss -- SSL/TLS insecure renegotiation protocol design flaw | ||
| Description: | CVE-2009-3555: Marsh Ray, Steve Dispensa, and Martin Rex discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension which fixes this issue. The updated libraries allow to use shell environment variables to configure if insecure renegotiation is still allowed. The syntax of these environment variables is described in the release notes to version 3.12.6 of nss: https://developer.mozilla.org/NSS_3.12.6_release_notes However, the default behaviour for nss in Debian 5.0 is NSS_SSL_ENABLE_RENEGOTIATION=3, which allows clients to continue to renegotiate with vulnerable servers. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-2141-2 CVE-2009-3555 CVE-2010-4180 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | nss |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6513 | |||
| Oval ID: | oval:org.mitre.oval:def:6513 | ||
| Title: | Debian GNU/Linux 5.0 is installed | ||
| Description: | Debian GNU/Linux 5.0 (lenny) is installed | ||
| Family: | unix | Class: | inventory |
| Reference(s): | cpe:/o:debian:debian_gnu/linux:5.0 | Version: | 7 |
| Platform(s): | Debian GNU/Linux 5.0 | Product(s): | |
| Definition Synopsis: | |||
| Referenced By: | |||
| oval:org.mitre.oval:def:12801 | |||
