Developers Documentation




CVE 2005-2969

'The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.'

ClearCenter response

Short response

ClearOS contains backported fixes for this flaw prior to the general release.

Long response

Reports that ClearOS is affected by this vulnerability are grossly inaccurate and reflect the audit system's inability to distinguish between normal and backported versions of SSH running on Linux. ClearOS is not affected by this bug because it included the fixes before any release.


No action required.
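
A scanner that reads only the upstream version string cannot see a backported fix, but the package changelog can. The following is an added example, not ClearCenter's own tooling: it lists the RPM changelog entries that mention a given CVE. It assumes an RPM-based system where the live input would come from `rpm -q --changelog openssl` (the package name is an assumption), and the function names and the sample changelog are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from an RPM changelog whether a CVE fix is recorded.
# On a live system the input would come from: rpm -q --changelog openssl
# (package name assumed; the functions below are hypothetical helpers).

# cve_fix_entries CVE-ID < changelog
# Prints the header line of every changelog entry that mentions the CVE.
# Exit status is 0 if at least one entry matches, 1 otherwise.
cve_fix_entries() {
    awk -v cve="$1" '
        BEGIN { cve = toupper(cve) }
        # A line starting with "* " opens a new changelog entry.
        /^\* / { header = $0; reported = 0; next }
        # Report each matching entry once, by its header line.
        index(toupper($0), cve) && !reported {
            print header; reported = 1; found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample changelog; names, dates and releases are illustrative.
sample_changelog() {
    cat <<'EOF'
* Tue Oct 11 2005 Packager <packager@example.com> 0.9.7a-0.example.2
- fix CVE-2005-2969 (SSLv2 rollback countermeasure)

* Mon May 02 2005 Packager <packager@example.com> 0.9.7a-0.example.1
- rebuild
EOF
}

if sample_changelog | cve_fix_entries CVE-2005-2969; then
    echo "fix is recorded in the package changelog"
else
    echo "no changelog entry mentions this CVE"
fi
```

A match shows that the packager recorded the fix; a miss is not proof of exposure, since changelogs are free text.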

content/en_us/announcements_cve_cve-2005-2969.txt · Last modified: 2014/12/22 10:09 by dloper