>> IBM Hardware Management Console Multiple OpenSSL Vulnerabilities
Title : IBM Hardware Management Console Multiple OpenSSL Vulnerabilities VUPEN ID : VUPEN/ADV-2005-3002 CVE ID : CVE-2005-0109 - CVE-2005-2969
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-12-20
Technical Description
IBM has released new APARs to address two vulnerabilities identified in OpenSSL for IBM Hardware Management Console (HMS). The first issue could be exploited to conduct MITM (Man in the Middle) attacks and force a client and a server to negotiate the SSL 2.0 protocol instead of SSL 3.0 or TLS 1.0. The second flaw is due to an error in the Hyper-Threading Technology (HTT), which may cause certain information to be disclosed to local users. For additional information, see : VUPEN/ADV-2005-2036 and VUPEN/ADV-2005-0540
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
