CVE-2005-2946

First published: Fri Sep 16 2005(Updated: )

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
OpenSSL OpenSSL	=0.9.1c
OpenSSL OpenSSL	=0.9.2b
OpenSSL OpenSSL	=0.9.3
OpenSSL OpenSSL	=0.9.3a
OpenSSL OpenSSL	=0.9.4
OpenSSL OpenSSL	=0.9.5
OpenSSL OpenSSL	=0.9.5-beta1
OpenSSL OpenSSL	=0.9.5-beta2
OpenSSL OpenSSL	=0.9.5a
OpenSSL OpenSSL	=0.9.5a-beta1
OpenSSL OpenSSL	=0.9.5a-beta2
OpenSSL OpenSSL	=0.9.6
OpenSSL OpenSSL	=0.9.6-beta1
OpenSSL OpenSSL	=0.9.6-beta2
OpenSSL OpenSSL	=0.9.6-beta3
OpenSSL OpenSSL	=0.9.6a
OpenSSL OpenSSL	=0.9.6a-beta1
OpenSSL OpenSSL	=0.9.6a-beta2
OpenSSL OpenSSL	=0.9.6a-beta3
OpenSSL OpenSSL	=0.9.6b
OpenSSL OpenSSL	=0.9.6c
OpenSSL OpenSSL	=0.9.6d
OpenSSL OpenSSL	=0.9.6e
OpenSSL OpenSSL	=0.9.6f
OpenSSL OpenSSL	=0.9.6g
OpenSSL OpenSSL	=0.9.6h
OpenSSL OpenSSL	=0.9.6i
OpenSSL OpenSSL	=0.9.6j
OpenSSL OpenSSL	=0.9.6k
OpenSSL OpenSSL	=0.9.6l
OpenSSL OpenSSL	=0.9.6m
OpenSSL OpenSSL	=0.9.7
OpenSSL OpenSSL	=0.9.7-beta1
OpenSSL OpenSSL	=0.9.7-beta2
OpenSSL OpenSSL	=0.9.7-beta3
OpenSSL OpenSSL	=0.9.7-beta4
OpenSSL OpenSSL	=0.9.7-beta5
OpenSSL OpenSSL	=0.9.7-beta6
OpenSSL OpenSSL	=0.9.7a
OpenSSL OpenSSL	=0.9.7b
OpenSSL OpenSSL	=0.9.7c
OpenSSL OpenSSL	=0.9.7d
OpenSSL OpenSSL	=0.9.7e
OpenSSL OpenSSL	=0.9.7f
OpenSSL OpenSSL	=0.9.7g
OpenSSL OpenSSL	<0.9.8
Canonical Ubuntu Linux	=4.10
Canonical Ubuntu Linux	=5.04

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
collector/nvd-historical
agent/type
agent/first-publish-date
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/severity
agent/last-modified-date
agent/weakness
agent/references
agent/softwarecombine
agent/tags
agent/event
agent/description
collector/mitre-cve
source/MITRE
vendor/openssl
canonical/openssl openssl
version/openssl openssl/0.9.1c
version/openssl openssl/0.9.2b
version/openssl openssl/0.9.3
version/openssl openssl/0.9.3a
version/openssl openssl/0.9.4
version/openssl openssl/0.9.5
version/openssl openssl/0.9.5-beta1
version/openssl openssl/0.9.5-beta2
version/openssl openssl/0.9.5a
version/openssl openssl/0.9.5a-beta1
version/openssl openssl/0.9.5a-beta2
version/openssl openssl/0.9.6
version/openssl openssl/0.9.6-beta1
version/openssl openssl/0.9.6-beta2
version/openssl openssl/0.9.6-beta3
version/openssl openssl/0.9.6a
version/openssl openssl/0.9.6a-beta1
version/openssl openssl/0.9.6a-beta2
version/openssl openssl/0.9.6a-beta3
version/openssl openssl/0.9.6b
version/openssl openssl/0.9.6c
version/openssl openssl/0.9.6d
version/openssl openssl/0.9.6e
version/openssl openssl/0.9.6f
version/openssl openssl/0.9.6g
version/openssl openssl/0.9.6h
version/openssl openssl/0.9.6i
version/openssl openssl/0.9.6j
version/openssl openssl/0.9.6k
version/openssl openssl/0.9.6l
version/openssl openssl/0.9.6m
version/openssl openssl/0.9.7
version/openssl openssl/0.9.7-beta1
version/openssl openssl/0.9.7-beta2
version/openssl openssl/0.9.7-beta3
version/openssl openssl/0.9.7-beta4
version/openssl openssl/0.9.7-beta5
version/openssl openssl/0.9.7-beta6
version/openssl openssl/0.9.7a
version/openssl openssl/0.9.7b
version/openssl openssl/0.9.7c
version/openssl openssl/0.9.7d
version/openssl openssl/0.9.7e
version/openssl openssl/0.9.7f
version/openssl openssl/0.9.7g
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/4.10
version/canonical ubuntu linux/5.04

CVE-2005-2946

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact